xmrig | 3f5cc2a9f785ddb133f83910f032f1079f79bb2649a46a65d60a8e3be69b8193

Analysis

max time kernel
66s
max time network
60s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 16:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
Size

1.9MB
MD5

08144ca77f646e565e122d4aa105c779
SHA1

dc73feaceca6f27c77596894d2d8ac7494ea956b
SHA256

3f5cc2a9f785ddb133f83910f032f1079f79bb2649a46a65d60a8e3be69b8193
SHA512

024d23e3042c1ed77bb99c01395ed331561d01a26076f0ecca8021273162b07de81854b09618521a77d6da5338182e827e68a528c57356e782490f07a80c3ea7
SSDEEP

49152:Lz071uv4BPMkibTIA5KIP7nTrmBhihM5xC+UM:NABv

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 10300 created 1432	10300	WerFaultSecure.exe	79

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 40 IoCs

miner

resource	yara_rule
behavioral2/memory/4740-234-0x00007FF614BF0000-0x00007FF614FE2000-memory.dmp	xmrig
behavioral2/memory/856-195-0x00007FF746B10000-0x00007FF746F02000-memory.dmp	xmrig
behavioral2/memory/1932-287-0x00007FF74F9D0000-0x00007FF74FDC2000-memory.dmp	xmrig
behavioral2/memory/5036-360-0x00007FF6A0010000-0x00007FF6A0402000-memory.dmp	xmrig
behavioral2/memory/1460-362-0x00007FF62D630000-0x00007FF62DA22000-memory.dmp	xmrig
behavioral2/memory/4432-410-0x00007FF73BB30000-0x00007FF73BF22000-memory.dmp	xmrig
behavioral2/memory/2116-431-0x00007FF7516E0000-0x00007FF751AD2000-memory.dmp	xmrig
behavioral2/memory/2124-433-0x00007FF73E560000-0x00007FF73E952000-memory.dmp	xmrig
behavioral2/memory/1948-665-0x00007FF627C30000-0x00007FF628022000-memory.dmp	xmrig
behavioral2/memory/2744-764-0x00007FF65AD10000-0x00007FF65B102000-memory.dmp	xmrig
behavioral2/memory/2012-430-0x00007FF7B1860000-0x00007FF7B1C52000-memory.dmp	xmrig
behavioral2/memory/1648-368-0x00007FF7712D0000-0x00007FF7716C2000-memory.dmp	xmrig
behavioral2/memory/4840-363-0x00007FF6F19E0000-0x00007FF6F1DD2000-memory.dmp	xmrig
behavioral2/memory/2936-361-0x00007FF6C11C0000-0x00007FF6C15B2000-memory.dmp	xmrig
behavioral2/memory/4724-335-0x00007FF6E9B00000-0x00007FF6E9EF2000-memory.dmp	xmrig
behavioral2/memory/1740-237-0x00007FF78EB60000-0x00007FF78EF52000-memory.dmp	xmrig
behavioral2/memory/5056-150-0x00007FF6DBA90000-0x00007FF6DBE82000-memory.dmp	xmrig
behavioral2/memory/4732-102-0x00007FF71F590000-0x00007FF71F982000-memory.dmp	xmrig
behavioral2/memory/4780-70-0x00007FF767E50000-0x00007FF768242000-memory.dmp	xmrig
behavioral2/memory/4780-2713-0x00007FF767E50000-0x00007FF768242000-memory.dmp	xmrig
behavioral2/memory/1932-2756-0x00007FF74F9D0000-0x00007FF74FDC2000-memory.dmp	xmrig
behavioral2/memory/5056-2754-0x00007FF6DBA90000-0x00007FF6DBE82000-memory.dmp	xmrig
behavioral2/memory/2408-2760-0x00007FF68ABD0000-0x00007FF68AFC2000-memory.dmp	xmrig
behavioral2/memory/4732-2762-0x00007FF71F590000-0x00007FF71F982000-memory.dmp	xmrig
behavioral2/memory/4724-2764-0x00007FF6E9B00000-0x00007FF6E9EF2000-memory.dmp	xmrig
behavioral2/memory/1516-2758-0x00007FF687EB0000-0x00007FF6882A2000-memory.dmp	xmrig
behavioral2/memory/856-2751-0x00007FF746B10000-0x00007FF746F02000-memory.dmp	xmrig
behavioral2/memory/2124-2753-0x00007FF73E560000-0x00007FF73E952000-memory.dmp	xmrig
behavioral2/memory/1740-2782-0x00007FF78EB60000-0x00007FF78EF52000-memory.dmp	xmrig
behavioral2/memory/4740-2796-0x00007FF614BF0000-0x00007FF614FE2000-memory.dmp	xmrig
behavioral2/memory/1648-2795-0x00007FF7712D0000-0x00007FF7716C2000-memory.dmp	xmrig
behavioral2/memory/2012-2791-0x00007FF7B1860000-0x00007FF7B1C52000-memory.dmp	xmrig
behavioral2/memory/4432-2789-0x00007FF73BB30000-0x00007FF73BF22000-memory.dmp	xmrig
behavioral2/memory/2744-2786-0x00007FF65AD10000-0x00007FF65B102000-memory.dmp	xmrig
behavioral2/memory/1948-2785-0x00007FF627C30000-0x00007FF628022000-memory.dmp	xmrig
behavioral2/memory/5036-2774-0x00007FF6A0010000-0x00007FF6A0402000-memory.dmp	xmrig
behavioral2/memory/1460-2772-0x00007FF62D630000-0x00007FF62DA22000-memory.dmp	xmrig
behavioral2/memory/2936-2778-0x00007FF6C11C0000-0x00007FF6C15B2000-memory.dmp	xmrig
behavioral2/memory/4840-2770-0x00007FF6F19E0000-0x00007FF6F1DD2000-memory.dmp	xmrig
behavioral2/memory/2116-2768-0x00007FF7516E0000-0x00007FF751AD2000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2408	WKEjmKY.exe
2124	DwPBUXq.exe
1516	UBhxrcb.exe
4780	wlTufla.exe
4732	YNtRLho.exe
5056	wdRmsTU.exe
856	lAXCZku.exe
4740	SGIHBkh.exe
1740	PPlHZWA.exe
1932	BiqKupT.exe
4724	xIOfCGt.exe
5036	RuusUFk.exe
1948	DzFrnNz.exe
2936	lrjPyOa.exe
1460	fLASmWU.exe
4840	LrvSoGk.exe
1648	zrpuzRZ.exe
4432	kaYwyNP.exe
2012	LSuuxNX.exe
2744	fUvfQTa.exe
2116	zNfpnor.exe
2356	qnOVPXr.exe
4340	WlyQFrx.exe
4520	thCMylw.exe
2332	kNErrPs.exe
2964	ouxhGJQ.exe
2396	NKpuGyE.exe
4232	wCPucrK.exe
5020	mymLBme.exe
4720	jRAqFHT.exe
4688	lzAVXno.exe
4072	NqDOMfb.exe
5016	PDweynS.exe
2092	nxMvvnS.exe
1420	FvKKNKB.exe
3500	UZVQWcF.exe
3508	bILqGGj.exe
2904	WuIEROy.exe
4772	bmmPAGQ.exe
4456	nRxdEMf.exe
4172	OjDRBdm.exe
4120	aFVQPpw.exe
3696	qmHbAOD.exe
5000	tFgvGfM.exe
3536	YFhaRLP.exe
4164	eBLmSSO.exe
4228	MzBvBRY.exe
4356	obqcXWT.exe
4580	pLVuWPI.exe
1080	sVidPDo.exe
1752	xtZfjwK.exe
2460	XdKJWXD.exe
4704	QCoqHUx.exe
4256	yDFOAsW.exe
4064	ykQONaV.exe
4476	WTIqhEm.exe
2620	eGsmJDr.exe
1020	sTyaDCR.exe
2860	rJQGQOw.exe
3832	vESTCLZ.exe
5112	kSRMyrb.exe
3248	RvvsLoR.exe
4544	FDQtMcL.exe
2232	TLOBakF.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/116-0-0x00007FF611F40000-0x00007FF612332000-memory.dmp	upx
behavioral2/files/0x000a000000023bb7-7.dat	upx
behavioral2/files/0x000a000000023bc2-97.dat	upx
behavioral2/files/0x000a000000023bc9-198.dat	upx
behavioral2/memory/4740-234-0x00007FF614BF0000-0x00007FF614FE2000-memory.dmp	upx
behavioral2/memory/856-195-0x00007FF746B10000-0x00007FF746F02000-memory.dmp	upx
behavioral2/files/0x000a000000023bdf-194.dat	upx
behavioral2/files/0x000a000000023bde-190.dat	upx
behavioral2/files/0x000a000000023bdc-185.dat	upx
behavioral2/files/0x000a000000023bc8-182.dat	upx
behavioral2/files/0x000a000000023bdb-181.dat	upx
behavioral2/files/0x000a000000023bc7-177.dat	upx
behavioral2/files/0x000a000000023bcf-175.dat	upx
behavioral2/files/0x000a000000023bd9-174.dat	upx
behavioral2/files/0x000a000000023bd8-173.dat	upx
behavioral2/files/0x000a000000023bd7-172.dat	upx
behavioral2/files/0x000a000000023bce-170.dat	upx
behavioral2/files/0x000a000000023bd6-169.dat	upx
behavioral2/files/0x000a000000023bcd-168.dat	upx
behavioral2/files/0x000a000000023bd5-167.dat	upx
behavioral2/memory/1932-287-0x00007FF74F9D0000-0x00007FF74FDC2000-memory.dmp	upx
behavioral2/memory/5036-360-0x00007FF6A0010000-0x00007FF6A0402000-memory.dmp	upx
behavioral2/memory/1460-362-0x00007FF62D630000-0x00007FF62DA22000-memory.dmp	upx
behavioral2/memory/4432-410-0x00007FF73BB30000-0x00007FF73BF22000-memory.dmp	upx
behavioral2/memory/2116-431-0x00007FF7516E0000-0x00007FF751AD2000-memory.dmp	upx
behavioral2/memory/2124-433-0x00007FF73E560000-0x00007FF73E952000-memory.dmp	upx
behavioral2/memory/1948-665-0x00007FF627C30000-0x00007FF628022000-memory.dmp	upx
behavioral2/memory/2744-764-0x00007FF65AD10000-0x00007FF65B102000-memory.dmp	upx
behavioral2/memory/2012-430-0x00007FF7B1860000-0x00007FF7B1C52000-memory.dmp	upx
behavioral2/memory/1648-368-0x00007FF7712D0000-0x00007FF7716C2000-memory.dmp	upx
behavioral2/memory/4840-363-0x00007FF6F19E0000-0x00007FF6F1DD2000-memory.dmp	upx
behavioral2/memory/2936-361-0x00007FF6C11C0000-0x00007FF6C15B2000-memory.dmp	upx
behavioral2/memory/4724-335-0x00007FF6E9B00000-0x00007FF6E9EF2000-memory.dmp	upx
behavioral2/memory/1740-237-0x00007FF78EB60000-0x00007FF78EF52000-memory.dmp	upx
behavioral2/files/0x000a000000023bd4-166.dat	upx
behavioral2/files/0x000a000000023bd3-165.dat	upx
behavioral2/files/0x000a000000023bbc-159.dat	upx
behavioral2/files/0x000a000000023bca-154.dat	upx
behavioral2/files/0x000a000000023bd1-144.dat	upx
behavioral2/files/0x000a000000023bd2-143.dat	upx
behavioral2/files/0x000a000000023bc1-134.dat	upx
behavioral2/files/0x000a000000023bc6-125.dat	upx
behavioral2/files/0x000a000000023bc5-124.dat	upx
behavioral2/files/0x000a000000023bc4-117.dat	upx
behavioral2/files/0x000a000000023bc3-111.dat	upx
behavioral2/files/0x000a000000023bcc-108.dat	upx
behavioral2/memory/5056-150-0x00007FF6DBA90000-0x00007FF6DBE82000-memory.dmp	upx
behavioral2/memory/4732-102-0x00007FF71F590000-0x00007FF71F982000-memory.dmp	upx
behavioral2/files/0x000a000000023bd0-136.dat	upx
behavioral2/files/0x000a000000023bc0-89.dat	upx
behavioral2/files/0x0031000000023bbf-83.dat	upx
behavioral2/files/0x000a000000023bcb-107.dat	upx
behavioral2/files/0x000a000000023bb9-73.dat	upx
behavioral2/memory/4780-70-0x00007FF767E50000-0x00007FF768242000-memory.dmp	upx
behavioral2/memory/1516-64-0x00007FF687EB0000-0x00007FF6882A2000-memory.dmp	upx
behavioral2/files/0x0031000000023bbe-49.dat	upx
behavioral2/files/0x0031000000023bbd-45.dat	upx
behavioral2/files/0x000a000000023bbb-39.dat	upx
behavioral2/files/0x000a000000023bb6-57.dat	upx
behavioral2/files/0x000b000000023bb2-35.dat	upx
behavioral2/files/0x000a000000023bba-28.dat	upx
behavioral2/files/0x000a000000023bb8-22.dat	upx
behavioral2/memory/2408-14-0x00007FF68ABD0000-0x00007FF68AFC2000-memory.dmp	upx
behavioral2/memory/4780-2713-0x00007FF767E50000-0x00007FF768242000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\srLeKtw.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\YNwvDcb.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\DofwzcX.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\lIwldWx.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\keFeEKi.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\WdiMipY.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\DujlzZs.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\tSgBqHJ.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\EOZeiYw.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\kDSrQZI.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\WuSfGBo.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\UibcOhC.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\lRzOzlK.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\pyLevpu.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\LUKqhwy.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\vBDvkxD.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\nwoRJEP.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\JZoOxqF.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\YHOJlCy.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\sBVrURw.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\NvEsIJj.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\SuaLjnM.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\AEumJMv.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\FolvZhm.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\bwwcaMn.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\XCDrAGf.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\RxCoHQL.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\BzRJlgZ.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\UZVQWcF.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\hNEaFFC.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\fDHhyFn.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\UcSNUVo.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\zXiwzQa.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\bueCfiJ.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\HTgnyRr.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\wdRmsTU.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\sKizOpK.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\BiyRfrY.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\ZdjHdWz.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\hGSsBmW.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\mTXsqwS.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\QIgWVkt.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\DUzUqcH.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\BiqKupT.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\LezgAAm.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\JOPKssb.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\vwBkWiJ.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\BoNikzE.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\SuQxRjp.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\IWQTDdG.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\UTEwvOI.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\eWxAaNp.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\xyteUZH.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\aFVQPpw.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\wivxEBI.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\oCPavtm.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\AkZkKXl.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\eajgbku.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\ZLBGwpW.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\KJgWIKc.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\KFOXIyf.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\pLVuWPI.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\YTIFIUc.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
File created	C:\Windows\System\buplDZg.exe	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
3588	powershell.exe
3588	powershell.exe
3588	powershell.exe
3588	powershell.exe
3588	powershell.exe
10968	WerFaultSecure.exe
10968	WerFaultSecure.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
Token: SeDebugPrivilege	3588	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 116 wrote to memory of 3588	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	84
PID 116 wrote to memory of 3588	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	84
PID 116 wrote to memory of 2408	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	85
PID 116 wrote to memory of 2408	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	85
PID 116 wrote to memory of 2124	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	86
PID 116 wrote to memory of 2124	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	86
PID 116 wrote to memory of 1516	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	87
PID 116 wrote to memory of 1516	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	87
PID 116 wrote to memory of 4780	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	88
PID 116 wrote to memory of 4780	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	88
PID 116 wrote to memory of 4732	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	89
PID 116 wrote to memory of 4732	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	89
PID 116 wrote to memory of 5056	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	90
PID 116 wrote to memory of 5056	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	90
PID 116 wrote to memory of 856	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	91
PID 116 wrote to memory of 856	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	91
PID 116 wrote to memory of 4740	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	92
PID 116 wrote to memory of 4740	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	92
PID 116 wrote to memory of 1740	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	93
PID 116 wrote to memory of 1740	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	93
PID 116 wrote to memory of 1932	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	94
PID 116 wrote to memory of 1932	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	94
PID 116 wrote to memory of 4724	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	95
PID 116 wrote to memory of 4724	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	95
PID 116 wrote to memory of 5036	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	96
PID 116 wrote to memory of 5036	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	96
PID 116 wrote to memory of 4840	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	97
PID 116 wrote to memory of 4840	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	97
PID 116 wrote to memory of 4432	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	98
PID 116 wrote to memory of 4432	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	98
PID 116 wrote to memory of 1948	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	99
PID 116 wrote to memory of 1948	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	99
PID 116 wrote to memory of 2936	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	100
PID 116 wrote to memory of 2936	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	100
PID 116 wrote to memory of 2332	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	101
PID 116 wrote to memory of 2332	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	101
PID 116 wrote to memory of 1460	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	102
PID 116 wrote to memory of 1460	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	102
PID 116 wrote to memory of 1648	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	103
PID 116 wrote to memory of 1648	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	103
PID 116 wrote to memory of 2012	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	104
PID 116 wrote to memory of 2012	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	104
PID 116 wrote to memory of 2744	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	105
PID 116 wrote to memory of 2744	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	105
PID 116 wrote to memory of 2116	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	106
PID 116 wrote to memory of 2116	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	106
PID 116 wrote to memory of 2356	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	107
PID 116 wrote to memory of 2356	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	107
PID 116 wrote to memory of 4340	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	108
PID 116 wrote to memory of 4340	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	108
PID 116 wrote to memory of 5016	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	109
PID 116 wrote to memory of 5016	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	109
PID 116 wrote to memory of 4520	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	110
PID 116 wrote to memory of 4520	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	110
PID 116 wrote to memory of 2964	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	111
PID 116 wrote to memory of 2964	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	111
PID 116 wrote to memory of 2396	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	112
PID 116 wrote to memory of 2396	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	112
PID 116 wrote to memory of 4232	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	113
PID 116 wrote to memory of 4232	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	113
PID 116 wrote to memory of 5020	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	114
PID 116 wrote to memory of 5020	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	114
PID 116 wrote to memory of 4720	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	115
PID 116 wrote to memory of 4720	116	08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe	115

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
1⤵
PID:1432
- C:\Windows\system32\WerFaultSecure.exe
  C:\Windows\system32\WerFaultSecure.exe -u -p 1432 -s 1528
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:10968

C:\Users\Admin\AppData\Local\Temp\08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\08144ca77f646e565e122d4aa105c779_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:116
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3588
- C:\Windows\System\WKEjmKY.exe
  C:\Windows\System\WKEjmKY.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\DwPBUXq.exe
  C:\Windows\System\DwPBUXq.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\UBhxrcb.exe
  C:\Windows\System\UBhxrcb.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\wlTufla.exe
  C:\Windows\System\wlTufla.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\YNtRLho.exe
  C:\Windows\System\YNtRLho.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\wdRmsTU.exe
  C:\Windows\System\wdRmsTU.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\lAXCZku.exe
  C:\Windows\System\lAXCZku.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\SGIHBkh.exe
  C:\Windows\System\SGIHBkh.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\PPlHZWA.exe
  C:\Windows\System\PPlHZWA.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\BiqKupT.exe
  C:\Windows\System\BiqKupT.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\xIOfCGt.exe
  C:\Windows\System\xIOfCGt.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\RuusUFk.exe
  C:\Windows\System\RuusUFk.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\LrvSoGk.exe
  C:\Windows\System\LrvSoGk.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\kaYwyNP.exe
  C:\Windows\System\kaYwyNP.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\DzFrnNz.exe
  C:\Windows\System\DzFrnNz.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\lrjPyOa.exe
  C:\Windows\System\lrjPyOa.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\kNErrPs.exe
  C:\Windows\System\kNErrPs.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\fLASmWU.exe
  C:\Windows\System\fLASmWU.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\zrpuzRZ.exe
  C:\Windows\System\zrpuzRZ.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\LSuuxNX.exe
  C:\Windows\System\LSuuxNX.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\fUvfQTa.exe
  C:\Windows\System\fUvfQTa.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\zNfpnor.exe
  C:\Windows\System\zNfpnor.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\qnOVPXr.exe
  C:\Windows\System\qnOVPXr.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\WlyQFrx.exe
  C:\Windows\System\WlyQFrx.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\PDweynS.exe
  C:\Windows\System\PDweynS.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\thCMylw.exe
  C:\Windows\System\thCMylw.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\ouxhGJQ.exe
  C:\Windows\System\ouxhGJQ.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\NKpuGyE.exe
  C:\Windows\System\NKpuGyE.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\wCPucrK.exe
  C:\Windows\System\wCPucrK.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\mymLBme.exe
  C:\Windows\System\mymLBme.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\jRAqFHT.exe
  C:\Windows\System\jRAqFHT.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\lzAVXno.exe
  C:\Windows\System\lzAVXno.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\NqDOMfb.exe
  C:\Windows\System\NqDOMfb.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\nxMvvnS.exe
  C:\Windows\System\nxMvvnS.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\FvKKNKB.exe
  C:\Windows\System\FvKKNKB.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\UZVQWcF.exe
  C:\Windows\System\UZVQWcF.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\bILqGGj.exe
  C:\Windows\System\bILqGGj.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\YFhaRLP.exe
  C:\Windows\System\YFhaRLP.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\WuIEROy.exe
  C:\Windows\System\WuIEROy.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\bmmPAGQ.exe
  C:\Windows\System\bmmPAGQ.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\MzBvBRY.exe
  C:\Windows\System\MzBvBRY.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\nRxdEMf.exe
  C:\Windows\System\nRxdEMf.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\OjDRBdm.exe
  C:\Windows\System\OjDRBdm.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\aFVQPpw.exe
  C:\Windows\System\aFVQPpw.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\qmHbAOD.exe
  C:\Windows\System\qmHbAOD.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\tFgvGfM.exe
  C:\Windows\System\tFgvGfM.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\kSRMyrb.exe
  C:\Windows\System\kSRMyrb.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\eBLmSSO.exe
  C:\Windows\System\eBLmSSO.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\obqcXWT.exe
  C:\Windows\System\obqcXWT.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\pLVuWPI.exe
  C:\Windows\System\pLVuWPI.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\sVidPDo.exe
  C:\Windows\System\sVidPDo.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\xtZfjwK.exe
  C:\Windows\System\xtZfjwK.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\XdKJWXD.exe
  C:\Windows\System\XdKJWXD.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\QCoqHUx.exe
  C:\Windows\System\QCoqHUx.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\yDFOAsW.exe
  C:\Windows\System\yDFOAsW.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\ykQONaV.exe
  C:\Windows\System\ykQONaV.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\WTIqhEm.exe
  C:\Windows\System\WTIqhEm.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\eGsmJDr.exe
  C:\Windows\System\eGsmJDr.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\sTyaDCR.exe
  C:\Windows\System\sTyaDCR.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\rJQGQOw.exe
  C:\Windows\System\rJQGQOw.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\vESTCLZ.exe
  C:\Windows\System\vESTCLZ.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\RvvsLoR.exe
  C:\Windows\System\RvvsLoR.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\FDQtMcL.exe
  C:\Windows\System\FDQtMcL.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\TLOBakF.exe
  C:\Windows\System\TLOBakF.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\zLOtdGq.exe
  C:\Windows\System\zLOtdGq.exe
  2⤵
  PID:3052
- C:\Windows\System\hNVRlte.exe
  C:\Windows\System\hNVRlte.exe
  2⤵
  PID:3080
- C:\Windows\System\BsvSjJs.exe
  C:\Windows\System\BsvSjJs.exe
  2⤵
  PID:432
- C:\Windows\System\sZXLrto.exe
  C:\Windows\System\sZXLrto.exe
  2⤵
  PID:1416
- C:\Windows\System\pyVuEfe.exe
  C:\Windows\System\pyVuEfe.exe
  2⤵
  PID:2132
- C:\Windows\System\fZWJFTF.exe
  C:\Windows\System\fZWJFTF.exe
  2⤵
  PID:1624
- C:\Windows\System\YfgxaOO.exe
  C:\Windows\System\YfgxaOO.exe
  2⤵
  PID:4784
- C:\Windows\System\saflAMP.exe
  C:\Windows\System\saflAMP.exe
  2⤵
  PID:3520
- C:\Windows\System\CECcRAx.exe
  C:\Windows\System\CECcRAx.exe
  2⤵
  PID:528
- C:\Windows\System\MgkYqpQ.exe
  C:\Windows\System\MgkYqpQ.exe
  2⤵
  PID:1936
- C:\Windows\System\MIQNecD.exe
  C:\Windows\System\MIQNecD.exe
  2⤵
  PID:960
- C:\Windows\System\BWbXLqz.exe
  C:\Windows\System\BWbXLqz.exe
  2⤵
  PID:1268
- C:\Windows\System\lEziYQb.exe
  C:\Windows\System\lEziYQb.exe
  2⤵
  PID:3892
- C:\Windows\System\ERckfVu.exe
  C:\Windows\System\ERckfVu.exe
  2⤵
  PID:760
- C:\Windows\System\GMAbyit.exe
  C:\Windows\System\GMAbyit.exe
  2⤵
  PID:64
- C:\Windows\System\TjpcPlQ.exe
  C:\Windows\System\TjpcPlQ.exe
  2⤵
  PID:4992
- C:\Windows\System\BnaPJrv.exe
  C:\Windows\System\BnaPJrv.exe
  2⤵
  PID:1296
- C:\Windows\System\dIUuXKr.exe
  C:\Windows\System\dIUuXKr.exe
  2⤵
  PID:2916
- C:\Windows\System\aXaxpBq.exe
  C:\Windows\System\aXaxpBq.exe
  2⤵
  PID:1444
- C:\Windows\System\AetOvfU.exe
  C:\Windows\System\AetOvfU.exe
  2⤵
  PID:3040
- C:\Windows\System\LLLbsqi.exe
  C:\Windows\System\LLLbsqi.exe
  2⤵
  PID:1644
- C:\Windows\System\lmmtEIp.exe
  C:\Windows\System\lmmtEIp.exe
  2⤵
  PID:2044
- C:\Windows\System\FolvZhm.exe
  C:\Windows\System\FolvZhm.exe
  2⤵
  PID:5140
- C:\Windows\System\NWOKUxC.exe
  C:\Windows\System\NWOKUxC.exe
  2⤵
  PID:5156
- C:\Windows\System\LXXyLGy.exe
  C:\Windows\System\LXXyLGy.exe
  2⤵
  PID:5172
- C:\Windows\System\xQabncb.exe
  C:\Windows\System\xQabncb.exe
  2⤵
  PID:5188
- C:\Windows\System\sfVcted.exe
  C:\Windows\System\sfVcted.exe
  2⤵
  PID:5204
- C:\Windows\System\BBjLJrl.exe
  C:\Windows\System\BBjLJrl.exe
  2⤵
  PID:5220
- C:\Windows\System\vXoSxnj.exe
  C:\Windows\System\vXoSxnj.exe
  2⤵
  PID:5248
- C:\Windows\System\aHnJnfP.exe
  C:\Windows\System\aHnJnfP.exe
  2⤵
  PID:5268
- C:\Windows\System\qkgPdIP.exe
  C:\Windows\System\qkgPdIP.exe
  2⤵
  PID:5288
- C:\Windows\System\ntjKnkr.exe
  C:\Windows\System\ntjKnkr.exe
  2⤵
  PID:5308
- C:\Windows\System\skFhJsx.exe
  C:\Windows\System\skFhJsx.exe
  2⤵
  PID:5328
- C:\Windows\System\LfPpTjs.exe
  C:\Windows\System\LfPpTjs.exe
  2⤵
  PID:5360
- C:\Windows\System\YTIFIUc.exe
  C:\Windows\System\YTIFIUc.exe
  2⤵
  PID:5376
- C:\Windows\System\lWgVodE.exe
  C:\Windows\System\lWgVodE.exe
  2⤵
  PID:5400
- C:\Windows\System\houjEri.exe
  C:\Windows\System\houjEri.exe
  2⤵
  PID:5424
- C:\Windows\System\wivxEBI.exe
  C:\Windows\System\wivxEBI.exe
  2⤵
  PID:5440
- C:\Windows\System\UvsReDO.exe
  C:\Windows\System\UvsReDO.exe
  2⤵
  PID:5464
- C:\Windows\System\noGfSEt.exe
  C:\Windows\System\noGfSEt.exe
  2⤵
  PID:5484
- C:\Windows\System\LTonRSv.exe
  C:\Windows\System\LTonRSv.exe
  2⤵
  PID:5528
- C:\Windows\System\efRnRZz.exe
  C:\Windows\System\efRnRZz.exe
  2⤵
  PID:5544
- C:\Windows\System\NuMDbMY.exe
  C:\Windows\System\NuMDbMY.exe
  2⤵
  PID:5564
- C:\Windows\System\JDzxZtB.exe
  C:\Windows\System\JDzxZtB.exe
  2⤵
  PID:5588
- C:\Windows\System\LMHpEHA.exe
  C:\Windows\System\LMHpEHA.exe
  2⤵
  PID:5608
- C:\Windows\System\AyBuwPO.exe
  C:\Windows\System\AyBuwPO.exe
  2⤵
  PID:5628
- C:\Windows\System\FnAckam.exe
  C:\Windows\System\FnAckam.exe
  2⤵
  PID:5652
- C:\Windows\System\pMETNSg.exe
  C:\Windows\System\pMETNSg.exe
  2⤵
  PID:5904
- C:\Windows\System\eGRYhfi.exe
  C:\Windows\System\eGRYhfi.exe
  2⤵
  PID:5928
- C:\Windows\System\WVWXSIN.exe
  C:\Windows\System\WVWXSIN.exe
  2⤵
  PID:5948
- C:\Windows\System\FKbpBqr.exe
  C:\Windows\System\FKbpBqr.exe
  2⤵
  PID:5972
- C:\Windows\System\YJLvESd.exe
  C:\Windows\System\YJLvESd.exe
  2⤵
  PID:5996
- C:\Windows\System\foNgomi.exe
  C:\Windows\System\foNgomi.exe
  2⤵
  PID:6012
- C:\Windows\System\PrqDuUM.exe
  C:\Windows\System\PrqDuUM.exe
  2⤵
  PID:6036
- C:\Windows\System\JaXCGWM.exe
  C:\Windows\System\JaXCGWM.exe
  2⤵
  PID:6056
- C:\Windows\System\buplDZg.exe
  C:\Windows\System\buplDZg.exe
  2⤵
  PID:6076
- C:\Windows\System\eZlsGNY.exe
  C:\Windows\System\eZlsGNY.exe
  2⤵
  PID:6096
- C:\Windows\System\CAIRwqW.exe
  C:\Windows\System\CAIRwqW.exe
  2⤵
  PID:6120
- C:\Windows\System\MGqpTIq.exe
  C:\Windows\System\MGqpTIq.exe
  2⤵
  PID:6136
- C:\Windows\System\HNcpvbI.exe
  C:\Windows\System\HNcpvbI.exe
  2⤵
  PID:316
- C:\Windows\System\IydNyiL.exe
  C:\Windows\System\IydNyiL.exe
  2⤵
  PID:3596
- C:\Windows\System\BqeJxkl.exe
  C:\Windows\System\BqeJxkl.exe
  2⤵
  PID:4736
- C:\Windows\System\qdIqSCD.exe
  C:\Windows\System\qdIqSCD.exe
  2⤵
  PID:3992
- C:\Windows\System\tFbsodM.exe
  C:\Windows\System\tFbsodM.exe
  2⤵
  PID:608
- C:\Windows\System\bhQpQdt.exe
  C:\Windows\System\bhQpQdt.exe
  2⤵
  PID:4492
- C:\Windows\System\oAxkEKn.exe
  C:\Windows\System\oAxkEKn.exe
  2⤵
  PID:5372
- C:\Windows\System\WlGCJZw.exe
  C:\Windows\System\WlGCJZw.exe
  2⤵
  PID:5412
- C:\Windows\System\WuyMQrA.exe
  C:\Windows\System\WuyMQrA.exe
  2⤵
  PID:5456
- C:\Windows\System\LwitLYp.exe
  C:\Windows\System\LwitLYp.exe
  2⤵
  PID:5536
- C:\Windows\System\AmzNfto.exe
  C:\Windows\System\AmzNfto.exe
  2⤵
  PID:5560
- C:\Windows\System\KOqRoqJ.exe
  C:\Windows\System\KOqRoqJ.exe
  2⤵
  PID:5596
- C:\Windows\System\TZoqRLV.exe
  C:\Windows\System\TZoqRLV.exe
  2⤵
  PID:1000
- C:\Windows\System\AKXCRYX.exe
  C:\Windows\System\AKXCRYX.exe
  2⤵
  PID:5984
- C:\Windows\System\kVYdcKE.exe
  C:\Windows\System\kVYdcKE.exe
  2⤵
  PID:6048
- C:\Windows\System\TKouyHN.exe
  C:\Windows\System\TKouyHN.exe
  2⤵
  PID:6104
- C:\Windows\System\bbXOiRr.exe
  C:\Windows\System\bbXOiRr.exe
  2⤵
  PID:2136
- C:\Windows\System\ALweUTR.exe
  C:\Windows\System\ALweUTR.exe
  2⤵
  PID:4448
- C:\Windows\System\rRrRkkb.exe
  C:\Windows\System\rRrRkkb.exe
  2⤵
  PID:4572
- C:\Windows\System\ZBiDrih.exe
  C:\Windows\System\ZBiDrih.exe
  2⤵
  PID:1836
- C:\Windows\System\GBAxvFy.exe
  C:\Windows\System\GBAxvFy.exe
  2⤵
  PID:1388
- C:\Windows\System\IWZgVwQ.exe
  C:\Windows\System\IWZgVwQ.exe
  2⤵
  PID:2756
- C:\Windows\System\MGxVLCl.exe
  C:\Windows\System\MGxVLCl.exe
  2⤵
  PID:3604
- C:\Windows\System\FKseTCK.exe
  C:\Windows\System\FKseTCK.exe
  2⤵
  PID:3432
- C:\Windows\System\oaLfGmP.exe
  C:\Windows\System\oaLfGmP.exe
  2⤵
  PID:6168
- C:\Windows\System\AcVBUQV.exe
  C:\Windows\System\AcVBUQV.exe
  2⤵
  PID:6204
- C:\Windows\System\uzQqCml.exe
  C:\Windows\System\uzQqCml.exe
  2⤵
  PID:6224
- C:\Windows\System\UZBaTSf.exe
  C:\Windows\System\UZBaTSf.exe
  2⤵
  PID:6248
- C:\Windows\System\ccAfuzy.exe
  C:\Windows\System\ccAfuzy.exe
  2⤵
  PID:6268
- C:\Windows\System\KjiKQqr.exe
  C:\Windows\System\KjiKQqr.exe
  2⤵
  PID:6288
- C:\Windows\System\eGoIngi.exe
  C:\Windows\System\eGoIngi.exe
  2⤵
  PID:6308
- C:\Windows\System\QJwCBwS.exe
  C:\Windows\System\QJwCBwS.exe
  2⤵
  PID:6332
- C:\Windows\System\IDZBZyN.exe
  C:\Windows\System\IDZBZyN.exe
  2⤵
  PID:6348
- C:\Windows\System\WlPtxIT.exe
  C:\Windows\System\WlPtxIT.exe
  2⤵
  PID:6364
- C:\Windows\System\KEJdKCH.exe
  C:\Windows\System\KEJdKCH.exe
  2⤵
  PID:6380
- C:\Windows\System\AKnxevc.exe
  C:\Windows\System\AKnxevc.exe
  2⤵
  PID:6400
- C:\Windows\System\NebRfxB.exe
  C:\Windows\System\NebRfxB.exe
  2⤵
  PID:6416
- C:\Windows\System\FmmJuYZ.exe
  C:\Windows\System\FmmJuYZ.exe
  2⤵
  PID:6432
- C:\Windows\System\AAoyNHi.exe
  C:\Windows\System\AAoyNHi.exe
  2⤵
  PID:6548
- C:\Windows\System\LtACWbC.exe
  C:\Windows\System\LtACWbC.exe
  2⤵
  PID:6572
- C:\Windows\System\FXIXzIo.exe
  C:\Windows\System\FXIXzIo.exe
  2⤵
  PID:6592
- C:\Windows\System\biCaplU.exe
  C:\Windows\System\biCaplU.exe
  2⤵
  PID:6628
- C:\Windows\System\WSIJwko.exe
  C:\Windows\System\WSIJwko.exe
  2⤵
  PID:6656
- C:\Windows\System\aALwoGD.exe
  C:\Windows\System\aALwoGD.exe
  2⤵
  PID:6680
- C:\Windows\System\IskWSml.exe
  C:\Windows\System\IskWSml.exe
  2⤵
  PID:6700
- C:\Windows\System\hLSLFlZ.exe
  C:\Windows\System\hLSLFlZ.exe
  2⤵
  PID:6716
- C:\Windows\System\CfkLkxm.exe
  C:\Windows\System\CfkLkxm.exe
  2⤵
  PID:6732
- C:\Windows\System\sQrjHLa.exe
  C:\Windows\System\sQrjHLa.exe
  2⤵
  PID:6748
- C:\Windows\System\XKhPUDF.exe
  C:\Windows\System\XKhPUDF.exe
  2⤵
  PID:6764
- C:\Windows\System\lcOCPss.exe
  C:\Windows\System\lcOCPss.exe
  2⤵
  PID:6780
- C:\Windows\System\yUOqllp.exe
  C:\Windows\System\yUOqllp.exe
  2⤵
  PID:6796
- C:\Windows\System\hJeRSuX.exe
  C:\Windows\System\hJeRSuX.exe
  2⤵
  PID:6812
- C:\Windows\System\gNurOqx.exe
  C:\Windows\System\gNurOqx.exe
  2⤵
  PID:6828
- C:\Windows\System\XQfaais.exe
  C:\Windows\System\XQfaais.exe
  2⤵
  PID:6852
- C:\Windows\System\vVkAmCM.exe
  C:\Windows\System\vVkAmCM.exe
  2⤵
  PID:6868
- C:\Windows\System\KCCpqtZ.exe
  C:\Windows\System\KCCpqtZ.exe
  2⤵
  PID:6888
- C:\Windows\System\JAJBlTR.exe
  C:\Windows\System\JAJBlTR.exe
  2⤵
  PID:6908
- C:\Windows\System\ZoCSMUR.exe
  C:\Windows\System\ZoCSMUR.exe
  2⤵
  PID:6948
- C:\Windows\System\RIEpbnM.exe
  C:\Windows\System\RIEpbnM.exe
  2⤵
  PID:6964
- C:\Windows\System\zNAHthQ.exe
  C:\Windows\System\zNAHthQ.exe
  2⤵
  PID:6980
- C:\Windows\System\MdwgNJy.exe
  C:\Windows\System\MdwgNJy.exe
  2⤵
  PID:7000
- C:\Windows\System\kDSrQZI.exe
  C:\Windows\System\kDSrQZI.exe
  2⤵
  PID:7016
- C:\Windows\System\HQMWZCF.exe
  C:\Windows\System\HQMWZCF.exe
  2⤵
  PID:7036
- C:\Windows\System\RgTWVur.exe
  C:\Windows\System\RgTWVur.exe
  2⤵
  PID:7060
- C:\Windows\System\VGYFMBa.exe
  C:\Windows\System\VGYFMBa.exe
  2⤵
  PID:7080
- C:\Windows\System\hNEaFFC.exe
  C:\Windows\System\hNEaFFC.exe
  2⤵
  PID:7100
- C:\Windows\System\sKiUAyk.exe
  C:\Windows\System\sKiUAyk.exe
  2⤵
  PID:7132
- C:\Windows\System\dfvRNCt.exe
  C:\Windows\System\dfvRNCt.exe
  2⤵
  PID:7148
- C:\Windows\System\LcKvxam.exe
  C:\Windows\System\LcKvxam.exe
  2⤵
  PID:7164
- C:\Windows\System\ZLBGwpW.exe
  C:\Windows\System\ZLBGwpW.exe
  2⤵
  PID:6408
- C:\Windows\System\TmbHuYy.exe
  C:\Windows\System\TmbHuYy.exe
  2⤵
  PID:6392
- C:\Windows\System\MAedTmN.exe
  C:\Windows\System\MAedTmN.exe
  2⤵
  PID:5388
- C:\Windows\System\PnxrRnl.exe
  C:\Windows\System\PnxrRnl.exe
  2⤵
  PID:5476
- C:\Windows\System\pKKUiNr.exe
  C:\Windows\System\pKKUiNr.exe
  2⤵
  PID:5552
- C:\Windows\System\IOIiNaU.exe
  C:\Windows\System\IOIiNaU.exe
  2⤵
  PID:5624
- C:\Windows\System\HZzDyQB.exe
  C:\Windows\System\HZzDyQB.exe
  2⤵
  PID:5968
- C:\Windows\System\DGCnRjj.exe
  C:\Windows\System\DGCnRjj.exe
  2⤵
  PID:6084
- C:\Windows\System\VUfaeuQ.exe
  C:\Windows\System\VUfaeuQ.exe
  2⤵
  PID:372
- C:\Windows\System\kUhNpmv.exe
  C:\Windows\System\kUhNpmv.exe
  2⤵
  PID:2552
- C:\Windows\System\bSxugiW.exe
  C:\Windows\System\bSxugiW.exe
  2⤵
  PID:2428
- C:\Windows\System\MDyzViK.exe
  C:\Windows\System\MDyzViK.exe
  2⤵
  PID:2184
- C:\Windows\System\YIopqCM.exe
  C:\Windows\System\YIopqCM.exe
  2⤵
  PID:6152
- C:\Windows\System\sYOkXxt.exe
  C:\Windows\System\sYOkXxt.exe
  2⤵
  PID:6196
- C:\Windows\System\qTVBYQT.exe
  C:\Windows\System\qTVBYQT.exe
  2⤵
  PID:6240
- C:\Windows\System\SVqgSOL.exe
  C:\Windows\System\SVqgSOL.exe
  2⤵
  PID:6296
- C:\Windows\System\SZzytFK.exe
  C:\Windows\System\SZzytFK.exe
  2⤵
  PID:6456
- C:\Windows\System\wrcsKKT.exe
  C:\Windows\System\wrcsKKT.exe
  2⤵
  PID:7184
- C:\Windows\System\JvkDyuP.exe
  C:\Windows\System\JvkDyuP.exe
  2⤵
  PID:7200
- C:\Windows\System\fxBVdMA.exe
  C:\Windows\System\fxBVdMA.exe
  2⤵
  PID:7216
- C:\Windows\System\KwNyKjQ.exe
  C:\Windows\System\KwNyKjQ.exe
  2⤵
  PID:7232
- C:\Windows\System\JwuBYei.exe
  C:\Windows\System\JwuBYei.exe
  2⤵
  PID:7252
- C:\Windows\System\luIRDAO.exe
  C:\Windows\System\luIRDAO.exe
  2⤵
  PID:7272
- C:\Windows\System\XpIoDNm.exe
  C:\Windows\System\XpIoDNm.exe
  2⤵
  PID:7300
- C:\Windows\System\TrNrapZ.exe
  C:\Windows\System\TrNrapZ.exe
  2⤵
  PID:7320
- C:\Windows\System\LNYduUo.exe
  C:\Windows\System\LNYduUo.exe
  2⤵
  PID:7340
- C:\Windows\System\KKfXRyW.exe
  C:\Windows\System\KKfXRyW.exe
  2⤵
  PID:7368
- C:\Windows\System\qKfDmcZ.exe
  C:\Windows\System\qKfDmcZ.exe
  2⤵
  PID:7400
- C:\Windows\System\uWMUIVr.exe
  C:\Windows\System\uWMUIVr.exe
  2⤵
  PID:7416
- C:\Windows\System\AudKdYQ.exe
  C:\Windows\System\AudKdYQ.exe
  2⤵
  PID:7432
- C:\Windows\System\RoHQbYH.exe
  C:\Windows\System\RoHQbYH.exe
  2⤵
  PID:7468
- C:\Windows\System\cIlDhHT.exe
  C:\Windows\System\cIlDhHT.exe
  2⤵
  PID:7484
- C:\Windows\System\MAwXJFv.exe
  C:\Windows\System\MAwXJFv.exe
  2⤵
  PID:7516
- C:\Windows\System\CqjyDbw.exe
  C:\Windows\System\CqjyDbw.exe
  2⤵
  PID:7532
- C:\Windows\System\fGFnXCY.exe
  C:\Windows\System\fGFnXCY.exe
  2⤵
  PID:7564
- C:\Windows\System\brmXqBP.exe
  C:\Windows\System\brmXqBP.exe
  2⤵
  PID:7588
- C:\Windows\System\mGwgxaV.exe
  C:\Windows\System\mGwgxaV.exe
  2⤵
  PID:7604
- C:\Windows\System\fqUbROR.exe
  C:\Windows\System\fqUbROR.exe
  2⤵
  PID:7632
- C:\Windows\System\JxKwmwG.exe
  C:\Windows\System\JxKwmwG.exe
  2⤵
  PID:7648
- C:\Windows\System\uancdol.exe
  C:\Windows\System\uancdol.exe
  2⤵
  PID:7680
- C:\Windows\System\lbpFaqs.exe
  C:\Windows\System\lbpFaqs.exe
  2⤵
  PID:7704
- C:\Windows\System\SQjLDmC.exe
  C:\Windows\System\SQjLDmC.exe
  2⤵
  PID:7720
- C:\Windows\System\RbnTCef.exe
  C:\Windows\System\RbnTCef.exe
  2⤵
  PID:7752
- C:\Windows\System\HESaYHq.exe
  C:\Windows\System\HESaYHq.exe
  2⤵
  PID:7768
- C:\Windows\System\vCmPkBs.exe
  C:\Windows\System\vCmPkBs.exe
  2⤵
  PID:7796
- C:\Windows\System\vBDvkxD.exe
  C:\Windows\System\vBDvkxD.exe
  2⤵
  PID:7812
- C:\Windows\System\zKMoiZN.exe
  C:\Windows\System\zKMoiZN.exe
  2⤵
  PID:7836
- C:\Windows\System\MgGqajO.exe
  C:\Windows\System\MgGqajO.exe
  2⤵
  PID:7856
- C:\Windows\System\OzNgJXD.exe
  C:\Windows\System\OzNgJXD.exe
  2⤵
  PID:7876
- C:\Windows\System\duYsfwU.exe
  C:\Windows\System\duYsfwU.exe
  2⤵
  PID:7900
- C:\Windows\System\UwvfBbr.exe
  C:\Windows\System\UwvfBbr.exe
  2⤵
  PID:7924
- C:\Windows\System\xUDACJu.exe
  C:\Windows\System\xUDACJu.exe
  2⤵
  PID:7940
- C:\Windows\System\DPRXIzk.exe
  C:\Windows\System\DPRXIzk.exe
  2⤵
  PID:7964
- C:\Windows\System\mWFrnwH.exe
  C:\Windows\System\mWFrnwH.exe
  2⤵
  PID:7988
- C:\Windows\System\PAcFwfh.exe
  C:\Windows\System\PAcFwfh.exe
  2⤵
  PID:8004
- C:\Windows\System\WjFqltL.exe
  C:\Windows\System\WjFqltL.exe
  2⤵
  PID:8028
- C:\Windows\System\xNGLaPG.exe
  C:\Windows\System\xNGLaPG.exe
  2⤵
  PID:8072
- C:\Windows\System\FTrSpST.exe
  C:\Windows\System\FTrSpST.exe
  2⤵
  PID:8100
- C:\Windows\System\SYhjCAr.exe
  C:\Windows\System\SYhjCAr.exe
  2⤵
  PID:8120
- C:\Windows\System\qjXvBGm.exe
  C:\Windows\System\qjXvBGm.exe
  2⤵
  PID:8148
- C:\Windows\System\gXeTTMf.exe
  C:\Windows\System\gXeTTMf.exe
  2⤵
  PID:8164
- C:\Windows\System\NporMff.exe
  C:\Windows\System\NporMff.exe
  2⤵
  PID:8180
- C:\Windows\System\neqwIQB.exe
  C:\Windows\System\neqwIQB.exe
  2⤵
  PID:7160
- C:\Windows\System\baPpMDk.exe
  C:\Windows\System\baPpMDk.exe
  2⤵
  PID:6740
- C:\Windows\System\iYOcAUw.exe
  C:\Windows\System\iYOcAUw.exe
  2⤵
  PID:6564
- C:\Windows\System\ndiRbyK.exe
  C:\Windows\System\ndiRbyK.exe
  2⤵
  PID:6600
- C:\Windows\System\aOwXiXh.exe
  C:\Windows\System\aOwXiXh.exe
  2⤵
  PID:6280
- C:\Windows\System\aIvTzlM.exe
  C:\Windows\System\aIvTzlM.exe
  2⤵
  PID:6896
- C:\Windows\System\EJSinjA.exe
  C:\Windows\System\EJSinjA.exe
  2⤵
  PID:6724
- C:\Windows\System\yapcIwW.exe
  C:\Windows\System\yapcIwW.exe
  2⤵
  PID:6788
- C:\Windows\System\yMrBNly.exe
  C:\Windows\System\yMrBNly.exe
  2⤵
  PID:7364
- C:\Windows\System\nKqvIXF.exe
  C:\Windows\System\nKqvIXF.exe
  2⤵
  PID:6212
- C:\Windows\System\hLTOXGZ.exe
  C:\Windows\System\hLTOXGZ.exe
  2⤵
  PID:5448
- C:\Windows\System\dZoAVry.exe
  C:\Windows\System\dZoAVry.exe
  2⤵
  PID:6024
- C:\Windows\System\sZEukBo.exe
  C:\Windows\System\sZEukBo.exe
  2⤵
  PID:2288
- C:\Windows\System\YUFhlBy.exe
  C:\Windows\System\YUFhlBy.exe
  2⤵
  PID:7740
- C:\Windows\System\dTELeMl.exe
  C:\Windows\System\dTELeMl.exe
  2⤵
  PID:7948
- C:\Windows\System\UkJDVsS.exe
  C:\Windows\System\UkJDVsS.exe
  2⤵
  PID:4264
- C:\Windows\System\xoCkVfW.exe
  C:\Windows\System\xoCkVfW.exe
  2⤵
  PID:6976
- C:\Windows\System\zbFrTeY.exe
  C:\Windows\System\zbFrTeY.exe
  2⤵
  PID:8196
- C:\Windows\System\nMFhyrO.exe
  C:\Windows\System\nMFhyrO.exe
  2⤵
  PID:8220
- C:\Windows\System\gixtbug.exe
  C:\Windows\System\gixtbug.exe
  2⤵
  PID:8248
- C:\Windows\System\xudrpzy.exe
  C:\Windows\System\xudrpzy.exe
  2⤵
  PID:8264
- C:\Windows\System\MVWgBbP.exe
  C:\Windows\System\MVWgBbP.exe
  2⤵
  PID:8280
- C:\Windows\System\sKizOpK.exe
  C:\Windows\System\sKizOpK.exe
  2⤵
  PID:8308
- C:\Windows\System\LezgAAm.exe
  C:\Windows\System\LezgAAm.exe
  2⤵
  PID:8328
- C:\Windows\System\dbyCqpe.exe
  C:\Windows\System\dbyCqpe.exe
  2⤵
  PID:8348
- C:\Windows\System\gHarmLV.exe
  C:\Windows\System\gHarmLV.exe
  2⤵
  PID:8372
- C:\Windows\System\fXqWAeK.exe
  C:\Windows\System\fXqWAeK.exe
  2⤵
  PID:8392
- C:\Windows\System\tGVFTvG.exe
  C:\Windows\System\tGVFTvG.exe
  2⤵
  PID:8408
- C:\Windows\System\fBNHXIq.exe
  C:\Windows\System\fBNHXIq.exe
  2⤵
  PID:8424
- C:\Windows\System\WVMQXQA.exe
  C:\Windows\System\WVMQXQA.exe
  2⤵
  PID:8440
- C:\Windows\System\KxGGpuT.exe
  C:\Windows\System\KxGGpuT.exe
  2⤵
  PID:8460
- C:\Windows\System\YAWrprm.exe
  C:\Windows\System\YAWrprm.exe
  2⤵
  PID:8476
- C:\Windows\System\onxNsfT.exe
  C:\Windows\System\onxNsfT.exe
  2⤵
  PID:8500
- C:\Windows\System\AJktyIJ.exe
  C:\Windows\System\AJktyIJ.exe
  2⤵
  PID:8528
- C:\Windows\System\ehYFLdC.exe
  C:\Windows\System\ehYFLdC.exe
  2⤵
  PID:8552
- C:\Windows\System\givSuLt.exe
  C:\Windows\System\givSuLt.exe
  2⤵
  PID:8572
- C:\Windows\System\wogPGly.exe
  C:\Windows\System\wogPGly.exe
  2⤵
  PID:8588
- C:\Windows\System\IAdvaYm.exe
  C:\Windows\System\IAdvaYm.exe
  2⤵
  PID:8612
- C:\Windows\System\tRUxnIf.exe
  C:\Windows\System\tRUxnIf.exe
  2⤵
  PID:8632
- C:\Windows\System\rCZyelv.exe
  C:\Windows\System\rCZyelv.exe
  2⤵
  PID:8648
- C:\Windows\System\IOcJNfW.exe
  C:\Windows\System\IOcJNfW.exe
  2⤵
  PID:8672
- C:\Windows\System\ImvyfKA.exe
  C:\Windows\System\ImvyfKA.exe
  2⤵
  PID:8688
- C:\Windows\System\ADPsAOY.exe
  C:\Windows\System\ADPsAOY.exe
  2⤵
  PID:8712
- C:\Windows\System\wcZavTl.exe
  C:\Windows\System\wcZavTl.exe
  2⤵
  PID:8732
- C:\Windows\System\eIVKklo.exe
  C:\Windows\System\eIVKklo.exe
  2⤵
  PID:8752
- C:\Windows\System\GPrHQht.exe
  C:\Windows\System\GPrHQht.exe
  2⤵
  PID:8772
- C:\Windows\System\WOLColk.exe
  C:\Windows\System\WOLColk.exe
  2⤵
  PID:8792
- C:\Windows\System\urwlTzm.exe
  C:\Windows\System\urwlTzm.exe
  2⤵
  PID:8816
- C:\Windows\System\osaPaOB.exe
  C:\Windows\System\osaPaOB.exe
  2⤵
  PID:8840
- C:\Windows\System\BKIocTD.exe
  C:\Windows\System\BKIocTD.exe
  2⤵
  PID:8856
- C:\Windows\System\AuPIQLb.exe
  C:\Windows\System\AuPIQLb.exe
  2⤵
  PID:8872
- C:\Windows\System\EeBjEmb.exe
  C:\Windows\System\EeBjEmb.exe
  2⤵
  PID:8888
- C:\Windows\System\nYuNfmV.exe
  C:\Windows\System\nYuNfmV.exe
  2⤵
  PID:8908
- C:\Windows\System\MdoDdSt.exe
  C:\Windows\System\MdoDdSt.exe
  2⤵
  PID:8932
- C:\Windows\System\tsZLuSi.exe
  C:\Windows\System\tsZLuSi.exe
  2⤵
  PID:8948
- C:\Windows\System\djODxED.exe
  C:\Windows\System\djODxED.exe
  2⤵
  PID:8976
- C:\Windows\System\azlphTE.exe
  C:\Windows\System\azlphTE.exe
  2⤵
  PID:8996
- C:\Windows\System\xrznDJI.exe
  C:\Windows\System\xrznDJI.exe
  2⤵
  PID:9020
- C:\Windows\System\ggqgJal.exe
  C:\Windows\System\ggqgJal.exe
  2⤵
  PID:9048
- C:\Windows\System\znnqwFJ.exe
  C:\Windows\System\znnqwFJ.exe
  2⤵
  PID:9064
- C:\Windows\System\xmKLxPv.exe
  C:\Windows\System\xmKLxPv.exe
  2⤵
  PID:9084
- C:\Windows\System\NXGuuRH.exe
  C:\Windows\System\NXGuuRH.exe
  2⤵
  PID:9120
- C:\Windows\System\aHZSoHN.exe
  C:\Windows\System\aHZSoHN.exe
  2⤵
  PID:9140
- C:\Windows\System\RpLTsSF.exe
  C:\Windows\System\RpLTsSF.exe
  2⤵
  PID:9164
- C:\Windows\System\AccZgJW.exe
  C:\Windows\System\AccZgJW.exe
  2⤵
  PID:9192
- C:\Windows\System\vSlSuhp.exe
  C:\Windows\System\vSlSuhp.exe
  2⤵
  PID:9208
- C:\Windows\System\WuSfGBo.exe
  C:\Windows\System\WuSfGBo.exe
  2⤵
  PID:7044
- C:\Windows\System\cOrRmoF.exe
  C:\Windows\System\cOrRmoF.exe
  2⤵
  PID:7068
- C:\Windows\System\dpIRpYM.exe
  C:\Windows\System\dpIRpYM.exe
  2⤵
  PID:7144
- C:\Windows\System\gpikhll.exe
  C:\Windows\System\gpikhll.exe
  2⤵
  PID:6652
- C:\Windows\System\gmtHGVl.exe
  C:\Windows\System\gmtHGVl.exe
  2⤵
  PID:7540
- C:\Windows\System\HDdcgll.exe
  C:\Windows\System\HDdcgll.exe
  2⤵
  PID:8176
- C:\Windows\System\nEEtcvS.exe
  C:\Windows\System\nEEtcvS.exe
  2⤵
  PID:4792
- C:\Windows\System\jPDVJjO.exe
  C:\Windows\System\jPDVJjO.exe
  2⤵
  PID:7696
- C:\Windows\System\rpTnhFV.exe
  C:\Windows\System\rpTnhFV.exe
  2⤵
  PID:7748
- C:\Windows\System\OcovXQJ.exe
  C:\Windows\System\OcovXQJ.exe
  2⤵
  PID:6860
- C:\Windows\System\JWJcbFw.exe
  C:\Windows\System\JWJcbFw.exe
  2⤵
  PID:7932
- C:\Windows\System\SVosmeH.exe
  C:\Windows\System\SVosmeH.exe
  2⤵
  PID:8024
- C:\Windows\System\yQbkhoL.exe
  C:\Windows\System\yQbkhoL.exe
  2⤵
  PID:6440
- C:\Windows\System\LfzUhJP.exe
  C:\Windows\System\LfzUhJP.exe
  2⤵
  PID:7192
- C:\Windows\System\YuQsjVm.exe
  C:\Windows\System\YuQsjVm.exe
  2⤵
  PID:7228
- C:\Windows\System\ADVFGuU.exe
  C:\Windows\System\ADVFGuU.exe
  2⤵
  PID:6996
- C:\Windows\System\anmpbPf.exe
  C:\Windows\System\anmpbPf.exe
  2⤵
  PID:7288
- C:\Windows\System\RLbuLOp.exe
  C:\Windows\System\RLbuLOp.exe
  2⤵
  PID:7316
- C:\Windows\System\avICiIu.exe
  C:\Windows\System\avICiIu.exe
  2⤵
  PID:1168
- C:\Windows\System\cWPZNdf.exe
  C:\Windows\System\cWPZNdf.exe
  2⤵
  PID:8404
- C:\Windows\System\reJveAE.exe
  C:\Windows\System\reJveAE.exe
  2⤵
  PID:9236
- C:\Windows\System\cfkZrcG.exe
  C:\Windows\System\cfkZrcG.exe
  2⤵
  PID:9256
- C:\Windows\System\jJssHMD.exe
  C:\Windows\System\jJssHMD.exe
  2⤵
  PID:9280
- C:\Windows\System\xIxeIZg.exe
  C:\Windows\System\xIxeIZg.exe
  2⤵
  PID:9296
- C:\Windows\System\SHsSsxv.exe
  C:\Windows\System\SHsSsxv.exe
  2⤵
  PID:9324
- C:\Windows\System\smMxzPA.exe
  C:\Windows\System\smMxzPA.exe
  2⤵
  PID:9352
- C:\Windows\System\eycmMfy.exe
  C:\Windows\System\eycmMfy.exe
  2⤵
  PID:9372
- C:\Windows\System\FvBJhGs.exe
  C:\Windows\System\FvBJhGs.exe
  2⤵
  PID:9408
- C:\Windows\System\cxibpzy.exe
  C:\Windows\System\cxibpzy.exe
  2⤵
  PID:9428
- C:\Windows\System\cVCGxBS.exe
  C:\Windows\System\cVCGxBS.exe
  2⤵
  PID:9448
- C:\Windows\System\GaYuHRF.exe
  C:\Windows\System\GaYuHRF.exe
  2⤵
  PID:9472
- C:\Windows\System\AMdiBBK.exe
  C:\Windows\System\AMdiBBK.exe
  2⤵
  PID:9492
- C:\Windows\System\XQEtXbP.exe
  C:\Windows\System\XQEtXbP.exe
  2⤵
  PID:9512
- C:\Windows\System\TJQkhbi.exe
  C:\Windows\System\TJQkhbi.exe
  2⤵
  PID:9536
- C:\Windows\System\FRwpcQX.exe
  C:\Windows\System\FRwpcQX.exe
  2⤵
  PID:9556
- C:\Windows\System\nyHNPBs.exe
  C:\Windows\System\nyHNPBs.exe
  2⤵
  PID:9580
- C:\Windows\System\hFVKkGE.exe
  C:\Windows\System\hFVKkGE.exe
  2⤵
  PID:9604
- C:\Windows\System\xfVmkzX.exe
  C:\Windows\System\xfVmkzX.exe
  2⤵
  PID:9624
- C:\Windows\System\dEuslEI.exe
  C:\Windows\System\dEuslEI.exe
  2⤵
  PID:9648
- C:\Windows\System\wEeGYkb.exe
  C:\Windows\System\wEeGYkb.exe
  2⤵
  PID:9668
- C:\Windows\System\prIojzj.exe
  C:\Windows\System\prIojzj.exe
  2⤵
  PID:9688
- C:\Windows\System\ZuYcTsD.exe
  C:\Windows\System\ZuYcTsD.exe
  2⤵
  PID:9716
- C:\Windows\System\jgMwxQF.exe
  C:\Windows\System\jgMwxQF.exe
  2⤵
  PID:9736
- C:\Windows\System\POckRBl.exe
  C:\Windows\System\POckRBl.exe
  2⤵
  PID:9752
- C:\Windows\System\RhnZKXL.exe
  C:\Windows\System\RhnZKXL.exe
  2⤵
  PID:9780
- C:\Windows\System\EpEMvbC.exe
  C:\Windows\System\EpEMvbC.exe
  2⤵
  PID:9800
- C:\Windows\System\UibcOhC.exe
  C:\Windows\System\UibcOhC.exe
  2⤵
  PID:9820
- C:\Windows\System\uRbyNLL.exe
  C:\Windows\System\uRbyNLL.exe
  2⤵
  PID:9840
- C:\Windows\System\IdExMgt.exe
  C:\Windows\System\IdExMgt.exe
  2⤵
  PID:9860
- C:\Windows\System\fFINLVe.exe
  C:\Windows\System\fFINLVe.exe
  2⤵
  PID:9880
- C:\Windows\System\bWBdnVy.exe
  C:\Windows\System\bWBdnVy.exe
  2⤵
  PID:9904
- C:\Windows\System\pJhIfhG.exe
  C:\Windows\System\pJhIfhG.exe
  2⤵
  PID:9928
- C:\Windows\System\srLeKtw.exe
  C:\Windows\System\srLeKtw.exe
  2⤵
  PID:9952
- C:\Windows\System\jFjxrds.exe
  C:\Windows\System\jFjxrds.exe
  2⤵
  PID:9976
- C:\Windows\System\UbFRRpA.exe
  C:\Windows\System\UbFRRpA.exe
  2⤵
  PID:9996
- C:\Windows\System\koLbQGt.exe
  C:\Windows\System\koLbQGt.exe
  2⤵
  PID:10020
- C:\Windows\System\CqNLUUJ.exe
  C:\Windows\System\CqNLUUJ.exe
  2⤵
  PID:10044
- C:\Windows\System\mewlhdu.exe
  C:\Windows\System\mewlhdu.exe
  2⤵
  PID:10068
- C:\Windows\System\XSIljFK.exe
  C:\Windows\System\XSIljFK.exe
  2⤵
  PID:10088
- C:\Windows\System\kcwdUaG.exe
  C:\Windows\System\kcwdUaG.exe
  2⤵
  PID:10120
- C:\Windows\System\aZukPKO.exe
  C:\Windows\System\aZukPKO.exe
  2⤵
  PID:10136
- C:\Windows\System\UlRBlyE.exe
  C:\Windows\System\UlRBlyE.exe
  2⤵
  PID:10160
- C:\Windows\System\LjDftPR.exe
  C:\Windows\System\LjDftPR.exe
  2⤵
  PID:2780
- C:\Windows\System\LkcDnmu.exe
  C:\Windows\System\LkcDnmu.exe
  2⤵
  PID:8564
- C:\Windows\System\QduzowK.exe
  C:\Windows\System\QduzowK.exe
  2⤵
  PID:8132
- C:\Windows\System\BiyRfrY.exe
  C:\Windows\System\BiyRfrY.exe
  2⤵
  PID:10040
- C:\Windows\System\AntJCpf.exe
  C:\Windows\System\AntJCpf.exe
  2⤵
  PID:6844
- C:\Windows\System\JOPKssb.exe
  C:\Windows\System\JOPKssb.exe
  2⤵
  PID:7664
- C:\Windows\System\tuBLEza.exe
  C:\Windows\System\tuBLEza.exe
  2⤵
  PID:7760
- C:\Windows\System\PDYskgG.exe
  C:\Windows\System\PDYskgG.exe
  2⤵
  PID:6956
- C:\Windows\System\EnMOInP.exe
  C:\Windows\System\EnMOInP.exe
  2⤵
  PID:5236
- C:\Windows\System\JuHbAnz.exe
  C:\Windows\System\JuHbAnz.exe
  2⤵
  PID:8304
- C:\Windows\System\zjuaQZy.exe
  C:\Windows\System\zjuaQZy.exe
  2⤵
  PID:8356
- C:\Windows\System\staIYBD.exe
  C:\Windows\System\staIYBD.exe
  2⤵
  PID:8420
- C:\Windows\System\bYzWFUF.exe
  C:\Windows\System\bYzWFUF.exe
  2⤵
  PID:8472
- C:\Windows\System\jyXEvyz.exe
  C:\Windows\System\jyXEvyz.exe
  2⤵
  PID:8544
- C:\Windows\System\DIXUXLA.exe
  C:\Windows\System\DIXUXLA.exe
  2⤵
  PID:8624
- C:\Windows\System\cLBuVNz.exe
  C:\Windows\System\cLBuVNz.exe
  2⤵
  PID:9744
- C:\Windows\System\tsBWKpV.exe
  C:\Windows\System\tsBWKpV.exe
  2⤵
  PID:10260
- C:\Windows\System\xOXaRHk.exe
  C:\Windows\System\xOXaRHk.exe
  2⤵
  PID:10284
- C:\Windows\System\UKfztuS.exe
  C:\Windows\System\UKfztuS.exe
  2⤵
  PID:10304
- C:\Windows\System\mavZNay.exe
  C:\Windows\System\mavZNay.exe
  2⤵
  PID:10328
- C:\Windows\System\wmVFuBh.exe
  C:\Windows\System\wmVFuBh.exe
  2⤵
  PID:10352
- C:\Windows\System\KOUujpY.exe
  C:\Windows\System\KOUujpY.exe
  2⤵
  PID:10372
- C:\Windows\System\qohCjvm.exe
  C:\Windows\System\qohCjvm.exe
  2⤵
  PID:10392
- C:\Windows\System\XFULYOh.exe
  C:\Windows\System\XFULYOh.exe
  2⤵
  PID:10416
- C:\Windows\System\MqiHsxf.exe
  C:\Windows\System\MqiHsxf.exe
  2⤵
  PID:10444
- C:\Windows\System\iTJjovD.exe
  C:\Windows\System\iTJjovD.exe
  2⤵
  PID:10464
- C:\Windows\System\cQlzHGT.exe
  C:\Windows\System\cQlzHGT.exe
  2⤵
  PID:10484
- C:\Windows\System\zwInibJ.exe
  C:\Windows\System\zwInibJ.exe
  2⤵
  PID:10504
- C:\Windows\System\paFkDxV.exe
  C:\Windows\System\paFkDxV.exe
  2⤵
  PID:10528
- C:\Windows\System\CuZPEOB.exe
  C:\Windows\System\CuZPEOB.exe
  2⤵
  PID:10552
- C:\Windows\System\dUHrfYV.exe
  C:\Windows\System\dUHrfYV.exe
  2⤵
  PID:10572
- C:\Windows\System\mTuOrxg.exe
  C:\Windows\System\mTuOrxg.exe
  2⤵
  PID:10592
- C:\Windows\System\DFusSsZ.exe
  C:\Windows\System\DFusSsZ.exe
  2⤵
  PID:10624
- C:\Windows\System\dVbezLj.exe
  C:\Windows\System\dVbezLj.exe
  2⤵
  PID:10640
- C:\Windows\System\XqcxrHN.exe
  C:\Windows\System\XqcxrHN.exe
  2⤵
  PID:10656
- C:\Windows\System\XecBOXS.exe
  C:\Windows\System\XecBOXS.exe
  2⤵
  PID:10672
- C:\Windows\System\XUCHgTY.exe
  C:\Windows\System\XUCHgTY.exe
  2⤵
  PID:10696
- C:\Windows\System\NvEsIJj.exe
  C:\Windows\System\NvEsIJj.exe
  2⤵
  PID:10716
- C:\Windows\System\mYQOYsg.exe
  C:\Windows\System\mYQOYsg.exe
  2⤵
  PID:10736
- C:\Windows\System\SMUfzLt.exe
  C:\Windows\System\SMUfzLt.exe
  2⤵
  PID:10764
- C:\Windows\System\YxcblQY.exe
  C:\Windows\System\YxcblQY.exe
  2⤵
  PID:10788
- C:\Windows\System\PxyljGC.exe
  C:\Windows\System\PxyljGC.exe
  2⤵
  PID:10812
- C:\Windows\System\NgdReXz.exe
  C:\Windows\System\NgdReXz.exe
  2⤵
  PID:10832
- C:\Windows\System\IvhlxRJ.exe
  C:\Windows\System\IvhlxRJ.exe
  2⤵
  PID:10856
- C:\Windows\System\WWpVwUN.exe
  C:\Windows\System\WWpVwUN.exe
  2⤵
  PID:10880
- C:\Windows\System\YNwvDcb.exe
  C:\Windows\System\YNwvDcb.exe
  2⤵
  PID:10912
- C:\Windows\System\tRYLDwu.exe
  C:\Windows\System\tRYLDwu.exe
  2⤵
  PID:10932
- C:\Windows\System\wXwhDSN.exe
  C:\Windows\System\wXwhDSN.exe
  2⤵
  PID:10948
- C:\Windows\System\eUcuPSu.exe
  C:\Windows\System\eUcuPSu.exe
  2⤵
  PID:10968
- C:\Windows\System\AOwqlUr.exe
  C:\Windows\System\AOwqlUr.exe
  2⤵
  PID:10992
- C:\Windows\System\nJVrEIN.exe
  C:\Windows\System\nJVrEIN.exe
  2⤵
  PID:11012
- C:\Windows\System\itlSxXM.exe
  C:\Windows\System\itlSxXM.exe
  2⤵
  PID:11032
- C:\Windows\System\fDHhyFn.exe
  C:\Windows\System\fDHhyFn.exe
  2⤵
  PID:11052
- C:\Windows\System\UJRKfmB.exe
  C:\Windows\System\UJRKfmB.exe
  2⤵
  PID:11076
- C:\Windows\System\AgKdNEu.exe
  C:\Windows\System\AgKdNEu.exe
  2⤵
  PID:11100
- C:\Windows\System\sLcDGAT.exe
  C:\Windows\System\sLcDGAT.exe
  2⤵
  PID:11128
- C:\Windows\System\IWQTDdG.exe
  C:\Windows\System\IWQTDdG.exe
  2⤵
  PID:11144
- C:\Windows\System\gsEfsqS.exe
  C:\Windows\System\gsEfsqS.exe
  2⤵
  PID:11164
- C:\Windows\System\XwcOdgs.exe
  C:\Windows\System\XwcOdgs.exe
  2⤵
  PID:11192
- C:\Windows\System\OLTjdeH.exe
  C:\Windows\System\OLTjdeH.exe
  2⤵
  PID:11208
- C:\Windows\System\TRfHoPi.exe
  C:\Windows\System\TRfHoPi.exe
  2⤵
  PID:11228
- C:\Windows\System\oCPavtm.exe
  C:\Windows\System\oCPavtm.exe
  2⤵
  PID:11252
- C:\Windows\System\ahYidRn.exe
  C:\Windows\System\ahYidRn.exe
  2⤵
  PID:8900
- C:\Windows\System\ZZavXtI.exe
  C:\Windows\System\ZZavXtI.exe
  2⤵
  PID:8924
- C:\Windows\System\laUuGoa.exe
  C:\Windows\System\laUuGoa.exe
  2⤵
  PID:8944
- C:\Windows\System\MgSeiYP.exe
  C:\Windows\System\MgSeiYP.exe
  2⤵
  PID:9960
- C:\Windows\System\AnOoyxh.exe
  C:\Windows\System\AnOoyxh.exe
  2⤵
  PID:9148
- C:\Windows\System\bEKIEhS.exe
  C:\Windows\System\bEKIEhS.exe
  2⤵
  PID:10108
- C:\Windows\System\ZLgdySu.exe
  C:\Windows\System\ZLgdySu.exe
  2⤵
  PID:10148
- C:\Windows\System\gAdxogP.exe
  C:\Windows\System\gAdxogP.exe
  2⤵
  PID:10180
- C:\Windows\System\OXfuRpv.exe
  C:\Windows\System\OXfuRpv.exe
  2⤵
  PID:8640
- C:\Windows\System\FwoeVZY.exe
  C:\Windows\System\FwoeVZY.exe
  2⤵
  PID:9156
- C:\Windows\System\rfrglih.exe
  C:\Windows\System\rfrglih.exe
  2⤵
  PID:7108
- C:\Windows\System\DofwzcX.exe
  C:\Windows\System\DofwzcX.exe
  2⤵
  PID:2276
- C:\Windows\System\nuhWnwR.exe
  C:\Windows\System\nuhWnwR.exe
  2⤵
  PID:11268
- C:\Windows\System\zgNpjed.exe
  C:\Windows\System\zgNpjed.exe
  2⤵
  PID:11292
- C:\Windows\System\edbGNbZ.exe
  C:\Windows\System\edbGNbZ.exe
  2⤵
  PID:11316
- C:\Windows\System\ijFxtzT.exe
  C:\Windows\System\ijFxtzT.exe
  2⤵
  PID:11332
- C:\Windows\System\SBFsrCk.exe
  C:\Windows\System\SBFsrCk.exe
  2⤵
  PID:11356
- C:\Windows\System\kffpNmg.exe
  C:\Windows\System\kffpNmg.exe
  2⤵
  PID:11384
- C:\Windows\System\MCmoGEJ.exe
  C:\Windows\System\MCmoGEJ.exe
  2⤵
  PID:11404
- C:\Windows\System\ojLuejH.exe
  C:\Windows\System\ojLuejH.exe
  2⤵
  PID:11424
- C:\Windows\System\QRUSoWb.exe
  C:\Windows\System\QRUSoWb.exe
  2⤵
  PID:11444
- C:\Windows\System\kwRAaDe.exe
  C:\Windows\System\kwRAaDe.exe
  2⤵
  PID:11468
- C:\Windows\System\GMHekDU.exe
  C:\Windows\System\GMHekDU.exe
  2⤵
  PID:11492
- C:\Windows\System\bCIZwrz.exe
  C:\Windows\System\bCIZwrz.exe
  2⤵
  PID:11516
- C:\Windows\System\usMwQyn.exe
  C:\Windows\System\usMwQyn.exe
  2⤵
  PID:11536
- C:\Windows\System\BCttxjt.exe
  C:\Windows\System\BCttxjt.exe
  2⤵
  PID:11560
- C:\Windows\System\IIggmNb.exe
  C:\Windows\System\IIggmNb.exe
  2⤵
  PID:11588
- C:\Windows\System\oAnMvqd.exe
  C:\Windows\System\oAnMvqd.exe
  2⤵
  PID:11604
- C:\Windows\System\UcSNUVo.exe
  C:\Windows\System\UcSNUVo.exe
  2⤵
  PID:11620
- C:\Windows\System\zXiwzQa.exe
  C:\Windows\System\zXiwzQa.exe
  2⤵
  PID:11640
- C:\Windows\System\NbfOZEg.exe
  C:\Windows\System\NbfOZEg.exe
  2⤵
  PID:11656
- C:\Windows\System\yOJHLYM.exe
  C:\Windows\System\yOJHLYM.exe
  2⤵
  PID:11672
- C:\Windows\System\EiTCwdv.exe
  C:\Windows\System\EiTCwdv.exe
  2⤵
  PID:11688
- C:\Windows\System\SRpAJTY.exe
  C:\Windows\System\SRpAJTY.exe
  2⤵
  PID:11704
- C:\Windows\System\KsPMdGS.exe
  C:\Windows\System\KsPMdGS.exe
  2⤵
  PID:11720
- C:\Windows\System\aYYdoAr.exe
  C:\Windows\System\aYYdoAr.exe
  2⤵
  PID:11748
- C:\Windows\System\xoIXUxN.exe
  C:\Windows\System\xoIXUxN.exe
  2⤵
  PID:11828
- C:\Windows\System\HNxuSoq.exe
  C:\Windows\System\HNxuSoq.exe
  2⤵
  PID:11868
- C:\Windows\System\OtKNHmp.exe
  C:\Windows\System\OtKNHmp.exe
  2⤵
  PID:11892
- C:\Windows\System\CkBDeGc.exe
  C:\Windows\System\CkBDeGc.exe
  2⤵
  PID:11916
- C:\Windows\System\vwBkWiJ.exe
  C:\Windows\System\vwBkWiJ.exe
  2⤵
  PID:11944
- C:\Windows\System\uwHNyVw.exe
  C:\Windows\System\uwHNyVw.exe
  2⤵
  PID:11964
- C:\Windows\System\vnFsiOB.exe
  C:\Windows\System\vnFsiOB.exe
  2⤵
  PID:11988
- C:\Windows\System\rzDEAtE.exe
  C:\Windows\System\rzDEAtE.exe
  2⤵
  PID:12020
- C:\Windows\System\YheUdcA.exe
  C:\Windows\System\YheUdcA.exe
  2⤵
  PID:12040
- C:\Windows\System\jFLFmOL.exe
  C:\Windows\System\jFLFmOL.exe
  2⤵
  PID:12068
- C:\Windows\System\cWEBZTl.exe
  C:\Windows\System\cWEBZTl.exe
  2⤵
  PID:12092
- C:\Windows\System\iUUyRZj.exe
  C:\Windows\System\iUUyRZj.exe
  2⤵
  PID:12108
- C:\Windows\System\SQOLHZI.exe
  C:\Windows\System\SQOLHZI.exe
  2⤵
  PID:12140
- C:\Windows\System\PBTqsuU.exe
  C:\Windows\System\PBTqsuU.exe
  2⤵
  PID:12160
- C:\Windows\System\XCNsNNS.exe
  C:\Windows\System\XCNsNNS.exe
  2⤵
  PID:12184
- C:\Windows\System\vWrWrRW.exe
  C:\Windows\System\vWrWrRW.exe
  2⤵
  PID:12204
- C:\Windows\System\pUFipZL.exe
  C:\Windows\System\pUFipZL.exe
  2⤵
  PID:12224
- C:\Windows\System\HPnTldG.exe
  C:\Windows\System\HPnTldG.exe
  2⤵
  PID:12248
- C:\Windows\System\ftywQwT.exe
  C:\Windows\System\ftywQwT.exe
  2⤵
  PID:12272
- C:\Windows\System\nOxpTpZ.exe
  C:\Windows\System\nOxpTpZ.exe
  2⤵
  PID:5508
- C:\Windows\System\BXLCfTr.exe
  C:\Windows\System\BXLCfTr.exe
  2⤵
  PID:3584
- C:\Windows\System\nMoqdeI.exe
  C:\Windows\System\nMoqdeI.exe
  2⤵
  PID:6536
- C:\Windows\System\HGcGBXq.exe
  C:\Windows\System\HGcGBXq.exe
  2⤵
  PID:6192
- C:\Windows\System\ETjByWG.exe
  C:\Windows\System\ETjByWG.exe
  2⤵
  PID:7776
- C:\Windows\System\SjPrRHM.exe
  C:\Windows\System\SjPrRHM.exe
  2⤵
  PID:3408
- C:\Windows\System\aKsMXeI.exe
  C:\Windows\System\aKsMXeI.exe
  2⤵
  PID:7212
- C:\Windows\System\XRUYXeE.exe
  C:\Windows\System\XRUYXeE.exe
  2⤵
  PID:8320
- C:\Windows\System\UTEwvOI.exe
  C:\Windows\System\UTEwvOI.exe
  2⤵
  PID:8364
- C:\Windows\System\XvoHRQv.exe
  C:\Windows\System\XvoHRQv.exe
  2⤵
  PID:9248
- C:\Windows\System\ZdjHdWz.exe
  C:\Windows\System\ZdjHdWz.exe
  2⤵
  PID:9292
- C:\Windows\System\WNimIvc.exe
  C:\Windows\System\WNimIvc.exe
  2⤵
  PID:9396
- C:\Windows\System\mmFNcBf.exe
  C:\Windows\System\mmFNcBf.exe
  2⤵
  PID:9440
- C:\Windows\System\QdOLJsi.exe
  C:\Windows\System\QdOLJsi.exe
  2⤵
  PID:9480
- C:\Windows\System\CMovnEM.exe
  C:\Windows\System\CMovnEM.exe
  2⤵
  PID:9544
- C:\Windows\System\yVlvMnB.exe
  C:\Windows\System\yVlvMnB.exe
  2⤵
  PID:9588
- C:\Windows\System\ONKaArB.exe
  C:\Windows\System\ONKaArB.exe
  2⤵
  PID:9636
- C:\Windows\System\vHaMZvL.exe
  C:\Windows\System\vHaMZvL.exe
  2⤵
  PID:9684
- C:\Windows\System\mdHUaAR.exe
  C:\Windows\System\mdHUaAR.exe
  2⤵
  PID:9760
- C:\Windows\System\MzGDKLV.exe
  C:\Windows\System\MzGDKLV.exe
  2⤵
  PID:10252
- C:\Windows\System\dwmkYcL.exe
  C:\Windows\System\dwmkYcL.exe
  2⤵
  PID:10312
- C:\Windows\System\RQUvDwJ.exe
  C:\Windows\System\RQUvDwJ.exe
  2⤵
  PID:10520
- C:\Windows\System\juvptgL.exe
  C:\Windows\System\juvptgL.exe
  2⤵
  PID:10616
- C:\Windows\System\BoNikzE.exe
  C:\Windows\System\BoNikzE.exe
  2⤵
  PID:9812
- C:\Windows\System\UMzPsHS.exe
  C:\Windows\System\UMzPsHS.exe
  2⤵
  PID:10744
- C:\Windows\System\xNYSKlF.exe
  C:\Windows\System\xNYSKlF.exe
  2⤵
  PID:10800
- C:\Windows\System\njcNbeH.exe
  C:\Windows\System\njcNbeH.exe
  2⤵
  PID:9900
- C:\Windows\System\OUifmwi.exe
  C:\Windows\System\OUifmwi.exe
  2⤵
  PID:10852
- C:\Windows\System\nJIWZgL.exe
  C:\Windows\System\nJIWZgL.exe
  2⤵
  PID:10004
- C:\Windows\System\rlsVzRB.exe
  C:\Windows\System\rlsVzRB.exe
  2⤵
  PID:8088
- C:\Windows\System\nTwiSzW.exe
  C:\Windows\System\nTwiSzW.exe
  2⤵
  PID:12300
- C:\Windows\System\dnzjNQu.exe
  C:\Windows\System\dnzjNQu.exe
  2⤵
  PID:12316
- C:\Windows\System\HDYsvAg.exe
  C:\Windows\System\HDYsvAg.exe
  2⤵
  PID:12344
- C:\Windows\System\DujlzZs.exe
  C:\Windows\System\DujlzZs.exe
  2⤵
  PID:12360
- C:\Windows\System\eYJlWVW.exe
  C:\Windows\System\eYJlWVW.exe
  2⤵
  PID:12380
- C:\Windows\System\yyxdIay.exe
  C:\Windows\System\yyxdIay.exe
  2⤵
  PID:12404
- C:\Windows\System\zorQhAP.exe
  C:\Windows\System\zorQhAP.exe
  2⤵
  PID:12424
- C:\Windows\System\WpDUZKP.exe
  C:\Windows\System\WpDUZKP.exe
  2⤵
  PID:12440
- C:\Windows\System\jNihOMC.exe
  C:\Windows\System\jNihOMC.exe
  2⤵
  PID:12492
- C:\Windows\System\RzDbWGj.exe
  C:\Windows\System\RzDbWGj.exe
  2⤵
  PID:12520
- C:\Windows\System\BlNrfAd.exe
  C:\Windows\System\BlNrfAd.exe
  2⤵
  PID:12536
- C:\Windows\System\jhDUcvu.exe
  C:\Windows\System\jhDUcvu.exe
  2⤵
  PID:12568
- C:\Windows\System\xfEOHzJ.exe
  C:\Windows\System\xfEOHzJ.exe
  2⤵
  PID:12596
- C:\Windows\System\oXQFyyF.exe
  C:\Windows\System\oXQFyyF.exe
  2⤵
  PID:12620
- C:\Windows\System\EBJXXWr.exe
  C:\Windows\System\EBJXXWr.exe
  2⤵
  PID:12644
- C:\Windows\System\JffmlFT.exe
  C:\Windows\System\JffmlFT.exe
  2⤵
  PID:12664
- C:\Windows\System\YCHuski.exe
  C:\Windows\System\YCHuski.exe
  2⤵
  PID:12684
- C:\Windows\System\lIwldWx.exe
  C:\Windows\System\lIwldWx.exe
  2⤵
  PID:12704
- C:\Windows\System\hGSsBmW.exe
  C:\Windows\System\hGSsBmW.exe
  2⤵
  PID:12724
- C:\Windows\System\BLfqCkM.exe
  C:\Windows\System\BLfqCkM.exe
  2⤵
  PID:12748
- C:\Windows\System\IVCcyhx.exe
  C:\Windows\System\IVCcyhx.exe
  2⤵
  PID:12772
- C:\Windows\System\DtmRcKA.exe
  C:\Windows\System\DtmRcKA.exe
  2⤵
  PID:12800
- C:\Windows\System\QILWpXS.exe
  C:\Windows\System\QILWpXS.exe
  2⤵
  PID:12816
- C:\Windows\System\RpyDhQT.exe
  C:\Windows\System\RpyDhQT.exe
  2⤵
  PID:12840
- C:\Windows\System\iaDBZvN.exe
  C:\Windows\System\iaDBZvN.exe
  2⤵
  PID:12864
- C:\Windows\System\cwRlKTA.exe
  C:\Windows\System\cwRlKTA.exe
  2⤵
  PID:12884
- C:\Windows\System\ooAPgnM.exe
  C:\Windows\System\ooAPgnM.exe
  2⤵
  PID:12908
- C:\Windows\System\PpOIFfG.exe
  C:\Windows\System\PpOIFfG.exe
  2⤵
  PID:12952
- C:\Windows\System\prStKtO.exe
  C:\Windows\System\prStKtO.exe
  2⤵
  PID:12980
- C:\Windows\System\yYBZzDR.exe
  C:\Windows\System\yYBZzDR.exe
  2⤵
  PID:13016
- C:\Windows\System\iArhQlB.exe
  C:\Windows\System\iArhQlB.exe
  2⤵
  PID:13032
- C:\Windows\System\CDtzmxK.exe
  C:\Windows\System\CDtzmxK.exe
  2⤵
  PID:13060
- C:\Windows\System\cYbaYEo.exe
  C:\Windows\System\cYbaYEo.exe
  2⤵
  PID:13084
- C:\Windows\System\ZCryEvo.exe
  C:\Windows\System\ZCryEvo.exe
  2⤵
  PID:13108
- C:\Windows\System\keFeEKi.exe
  C:\Windows\System\keFeEKi.exe
  2⤵
  PID:13128
- C:\Windows\System\yUBfYiM.exe
  C:\Windows\System\yUBfYiM.exe
  2⤵
  PID:13148
- C:\Windows\System\tazXliD.exe
  C:\Windows\System\tazXliD.exe
  2⤵
  PID:13168
- C:\Windows\System\cCDhEoH.exe
  C:\Windows\System\cCDhEoH.exe
  2⤵
  PID:13184
- C:\Windows\System\pnEqHry.exe
  C:\Windows\System\pnEqHry.exe
  2⤵
  PID:13200
- C:\Windows\System\QqpsvXl.exe
  C:\Windows\System\QqpsvXl.exe
  2⤵
  PID:13216
- C:\Windows\System\vrvoouM.exe
  C:\Windows\System\vrvoouM.exe
  2⤵
  PID:13232
- C:\Windows\System\HAPVplP.exe
  C:\Windows\System\HAPVplP.exe
  2⤵
  PID:13248
- C:\Windows\System\iwaDTRE.exe
  C:\Windows\System\iwaDTRE.exe
  2⤵
  PID:13264
- C:\Windows\System\IzFbsEX.exe
  C:\Windows\System\IzFbsEX.exe
  2⤵
  PID:13280
- C:\Windows\System\zRgwrGq.exe
  C:\Windows\System\zRgwrGq.exe
  2⤵
  PID:13296
- C:\Windows\System\RMfcSkM.exe
  C:\Windows\System\RMfcSkM.exe
  2⤵
  PID:1984
- C:\Windows\System\MipOdTv.exe
  C:\Windows\System\MipOdTv.exe
  2⤵
  PID:11116
- C:\Windows\System\akYSRJY.exe
  C:\Windows\System\akYSRJY.exe
  2⤵
  PID:7408
- C:\Windows\System\lyLAEeR.exe
  C:\Windows\System\lyLAEeR.exe
  2⤵
  PID:11244
- C:\Windows\System\ndbddlz.exe
  C:\Windows\System\ndbddlz.exe
  2⤵
  PID:1056
- C:\Windows\System\TXjfJAU.exe
  C:\Windows\System\TXjfJAU.exe
  2⤵
  PID:11284
- C:\Windows\System\lRzOzlK.exe
  C:\Windows\System\lRzOzlK.exe
  2⤵
  PID:11420
- C:\Windows\System\dWhYspT.exe
  C:\Windows\System\dWhYspT.exe
  2⤵
  PID:11576
- C:\Windows\System\bZIHeoP.exe
  C:\Windows\System\bZIHeoP.exe
  2⤵
  PID:11680
- C:\Windows\System\SMlYVAf.exe
  C:\Windows\System\SMlYVAf.exe
  2⤵
  PID:6556
- C:\Windows\System\ZSMXvlC.exe
  C:\Windows\System\ZSMXvlC.exe
  2⤵
  PID:10636
- C:\Windows\System\DuNNMsq.exe
  C:\Windows\System\DuNNMsq.exe
  2⤵
  PID:2724
- C:\Windows\System\CImIqpW.exe
  C:\Windows\System\CImIqpW.exe
  2⤵
  PID:6664
- C:\Windows\System\grTJReS.exe
  C:\Windows\System\grTJReS.exe
  2⤵
  PID:7336
- C:\Windows\System\IyRVYSD.exe
  C:\Windows\System\IyRVYSD.exe
  2⤵
  PID:9568
- C:\Windows\System\FgeTXyA.exe
  C:\Windows\System\FgeTXyA.exe
  2⤵
  PID:10296
- C:\Windows\System\CPmdiOr.exe
  C:\Windows\System\CPmdiOr.exe
  2⤵
  PID:12740
- C:\Windows\System\ezYWXOf.exe
  C:\Windows\System\ezYWXOf.exe
  2⤵
  PID:12900
- C:\Windows\System\mwRMKQS.exe
  C:\Windows\System\mwRMKQS.exe
  2⤵
  PID:10888
- C:\Windows\System\euMMQLt.exe
  C:\Windows\System\euMMQLt.exe
  2⤵
  PID:3916
- C:\Windows\System\qVWQkNE.exe
  C:\Windows\System\qVWQkNE.exe
  2⤵
  PID:12916
- C:\Windows\System\gthndrO.exe
  C:\Windows\System\gthndrO.exe
  2⤵
  PID:9072
- C:\Windows\System\IatQGAg.exe
  C:\Windows\System\IatQGAg.exe
  2⤵
  PID:8260
- C:\Windows\System\rNHrQIP.exe
  C:\Windows\System\rNHrQIP.exe
  2⤵
  PID:10588
- C:\Windows\System\afhlJax.exe
  C:\Windows\System\afhlJax.exe
  2⤵
  PID:12264
- C:\Windows\System\IgQXICE.exe
  C:\Windows\System\IgQXICE.exe
  2⤵
  PID:11060
- C:\Windows\System\KdlnSFn.exe
  C:\Windows\System\KdlnSFn.exe
  2⤵
  PID:10432
- C:\Windows\System\XjXOIez.exe
  C:\Windows\System\XjXOIez.exe
  2⤵
  PID:12048
- C:\Windows\System\jHmoofj.exe
  C:\Windows\System\jHmoofj.exe
  2⤵
  PID:4548
- C:\Windows\System\BZPVmMd.exe
  C:\Windows\System\BZPVmMd.exe
  2⤵
  PID:8080
- C:\Windows\System\JBRINdE.exe
  C:\Windows\System\JBRINdE.exe
  2⤵
  PID:2380
- C:\Windows\System\iemKQlB.exe
  C:\Windows\System\iemKQlB.exe
  2⤵
  PID:11488
- C:\Windows\System\GuiFbvy.exe
  C:\Windows\System\GuiFbvy.exe
  2⤵
  PID:12504
- C:\Windows\System\BFphPlY.exe
  C:\Windows\System\BFphPlY.exe
  2⤵
  PID:12528
- C:\Windows\System\qekqTAu.exe
  C:\Windows\System\qekqTAu.exe
  2⤵
  PID:13076
- C:\Windows\System\nLVnhDy.exe
  C:\Windows\System\nLVnhDy.exe
  2⤵
  PID:13120
- C:\Windows\System\PcptQUB.exe
  C:\Windows\System\PcptQUB.exe
  2⤵
  PID:12672
- C:\Windows\System\DcLxmKT.exe
  C:\Windows\System\DcLxmKT.exe
  2⤵
  PID:11824
- C:\Windows\System\mCikqvw.exe
  C:\Windows\System\mCikqvw.exe
  2⤵
  PID:3472
- C:\Windows\System\ZQUfpam.exe
  C:\Windows\System\ZQUfpam.exe
  2⤵
  PID:4500
- C:\Windows\System\dDsVXUt.exe
  C:\Windows\System\dDsVXUt.exe
  2⤵
  PID:2748
- C:\Windows\System\jIaSldS.exe
  C:\Windows\System\jIaSldS.exe
  2⤵
  PID:676
- C:\Windows\System\TiZOqfL.exe
  C:\Windows\System\TiZOqfL.exe
  2⤵
  PID:4700
- C:\Windows\System\YKZvAPE.exe
  C:\Windows\System\YKZvAPE.exe
  2⤵
  PID:2976
- C:\Windows\System\HTgnyRr.exe
  C:\Windows\System\HTgnyRr.exe
  2⤵
  PID:10360
- C:\Windows\System\RjLNlJj.exe
  C:\Windows\System\RjLNlJj.exe
  2⤵
  PID:9276
- C:\Windows\System\apOuhLC.exe
  C:\Windows\System\apOuhLC.exe
  2⤵
  PID:10384
- C:\Windows\System\azYmzRy.exe
  C:\Windows\System\azYmzRy.exe
  2⤵
  PID:9656
- C:\Windows\System\RxCoHQL.exe
  C:\Windows\System\RxCoHQL.exe
  2⤵
  PID:12632
- C:\Windows\System\FnkYmIw.exe
  C:\Windows\System\FnkYmIw.exe
  2⤵
  PID:11004
- C:\Windows\System\DqqUAqU.exe
  C:\Windows\System\DqqUAqU.exe
  2⤵
  PID:220
- C:\Windows\System\qJwtEiE.exe
  C:\Windows\System\qJwtEiE.exe
  2⤵
  PID:9888
- C:\Windows\System\CnLtpPU.exe
  C:\Windows\System\CnLtpPU.exe
  2⤵
  PID:11888
- C:\Windows\System\mMXeieI.exe
  C:\Windows\System\mMXeieI.exe
  2⤵
  PID:13256
- C:\Windows\System\tPiDLtK.exe
  C:\Windows\System\tPiDLtK.exe
  2⤵
  PID:11544
- C:\Windows\System\DNicVgT.exe
  C:\Windows\System\DNicVgT.exe
  2⤵
  PID:13124
- C:\Windows\System\gtekkZt.exe
  C:\Windows\System\gtekkZt.exe
  2⤵
  PID:13140
- C:\Windows\System\FhBlFOt.exe
  C:\Windows\System\FhBlFOt.exe
  2⤵
  PID:12312
- C:\Windows\System\QunXRWb.exe
  C:\Windows\System\QunXRWb.exe
  2⤵
  PID:8388
- C:\Windows\System\nJbnxJh.exe
  C:\Windows\System\nJbnxJh.exe
  2⤵
  PID:12768
- C:\Windows\System\jaynwWx.exe
  C:\Windows\System\jaynwWx.exe
  2⤵
  PID:2492
- C:\Windows\System\KtbDmUy.exe
  C:\Windows\System\KtbDmUy.exe
  2⤵
  PID:12212
- C:\Windows\System\WFSoaSo.exe
  C:\Windows\System\WFSoaSo.exe
  2⤵
  PID:12652
- C:\Windows\System\SyFHwKK.exe
  C:\Windows\System\SyFHwKK.exe
  2⤵
  PID:12996
- C:\Windows\System\GasbXxg.exe
  C:\Windows\System\GasbXxg.exe
  2⤵
  PID:10708
- C:\Windows\System\LnoFKeY.exe
  C:\Windows\System\LnoFKeY.exe
  2⤵
  PID:4584
- C:\Windows\System\VpNosRH.exe
  C:\Windows\System\VpNosRH.exe
  2⤵
  PID:11960
- C:\Windows\System\CzbHHPo.exe
  C:\Windows\System\CzbHHPo.exe
  2⤵
  PID:6640
- C:\Windows\System\dLugULw.exe
  C:\Windows\System\dLugULw.exe
  2⤵
  PID:12896
- C:\Windows\System\AWIMGbu.exe
  C:\Windows\System\AWIMGbu.exe
  2⤵
  PID:12296
- C:\Windows\System\bMKdnop.exe
  C:\Windows\System\bMKdnop.exe
  2⤵
  PID:6688
- C:\Windows\System\wnsiVCE.exe
  C:\Windows\System\wnsiVCE.exe
  2⤵
  PID:12116
- C:\Windows\System\AxCAMls.exe
  C:\Windows\System\AxCAMls.exe
  2⤵
  PID:8668
- C:\Windows\System\bOpzTch.exe
  C:\Windows\System\bOpzTch.exe
  2⤵
  PID:10648
- C:\Windows\System\lWhlnYd.exe
  C:\Windows\System\lWhlnYd.exe
  2⤵
  PID:13052
- C:\Windows\System\ewamAuw.exe
  C:\Windows\System\ewamAuw.exe
  2⤵
  PID:11436
- C:\Windows\System\eLiJotn.exe
  C:\Windows\System\eLiJotn.exe
  2⤵
  PID:1156

C:\Windows\system32\WerFaultSecure.exe
"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 1432 -i 1432 -h 412 -j 468 -s 404 -d 0
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
PID:10300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_huq2iu03.3qz.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BiqKupT.exe

Filesize
1.9MB

MD5
a09f2c27b0d955cae4bb1df893508e35

SHA1
e3a4a18b6f07c860f4c68355feb7e05a428ca28b

SHA256
96c70e669485962842e8a584872e91cf6b61c26d41ee34236cbaaa6a56385fe7

SHA512
6eafe17cde7f39129064c3a5fd93457d2357140250ee5247e7aeed4b838f1fcfbe405daab230699d3a6c2e8f8e6cc7a35bdac61acca24de786afd389e59cf240

Download Submit
C:\Windows\System\DwPBUXq.exe

Filesize
1.9MB

MD5
702e944e65b788bbfcdd290fcdd8c6dc

SHA1
d8c99b46d9dad5bf8cce59a3692ce9469c44e340

SHA256
76bb20ee104c9b9f3b441e856df39de474204c726532f399e66ea33d2c6ec54a

SHA512
68c956d1a594ccc074e8242e4d76742999773486101ed88b20cfb1dc8ba8965787ba3efb39af0dbe25770d6f13fe517d5708afc1eb4b126575805ec1df1dc3a6

Download Submit
C:\Windows\System\DzFrnNz.exe

Filesize
1.9MB

MD5
0c6ef72f3b007983076643baf198b2c7

SHA1
efd0ee1e10d4b5e663cc24a0aad2160d0b963eb0

SHA256
1e33a8515c2ec8f83fb61258d2b02e76efb6c67147103371dcff037ea8f27c98

SHA512
fef4954ab79c81f9885801fc6344e59e7d649fe400eef2aadd56fb2230350c6f618b4d7829deef21338d17558b5a088958473173f3089c28f3a0ec337a086bfd

Download Submit
C:\Windows\System\FvKKNKB.exe

Filesize
1.9MB

MD5
2024ff7a5182e3268a5f5387910c04c6

SHA1
f2b0863d558d7dd3f818a08e4a874d3ef96fd6e5

SHA256
af50115ebe74935bc2c915712c2713066b0ff20393f1395ff6226931395360ff

SHA512
7d0d4462329537ac6f4d177816b138477e0516699e28f0d7a144badbf2390f26281707c69d789cc9c8ef9ee14575c5c872a7a28e11adf490cb45d8d327f86c16

Download Submit
C:\Windows\System\GaAChRq.exe

Filesize
8B

MD5
a8f2921c80c15a3d426e5fdff8a56196

SHA1
4dc21bf95e22427a9dafcd4930e81b62e77d5fda

SHA256
7e9bbeeba45dae16f8c444596ee4180d7313e899e46fa6263fde6904f32d92a1

SHA512
996666f646b1878ee129a778184f9520541ee458797b8bfaefed6e1f152a5436e0ff19d28744463b706ffe3e24e429f5af102aa1e7733dbeeb6210754c828802

Download Submit
C:\Windows\System\LSuuxNX.exe

Filesize
1.9MB

MD5
1b667bf4236f6860fcd2e9e387d3964b

SHA1
806c08aa80ebe74ca57b4e413d466f4bd8ec194d

SHA256
a86dd09ab39d158aab4ed01ff55dca1bfb47fcda5a5a99d80c8565cc0b95652b

SHA512
6919e6233fd04d3b47bb5702119b45be035e652c66371ec14edf26d0a4342918c1da25cf466fc4a71231417d043c10a061f06a86d382b419158702a1f727a8d8

Download Submit
C:\Windows\System\LrvSoGk.exe

Filesize
1.9MB

MD5
0879e792650530b60d1834d6694db3e4

SHA1
df49e852d11016363eeda718eaf3ce2f66c0b101

SHA256
bcd731b20abef0effcf9fe61d10ee4d4186ce3c2a1e1d8663fec51761e4988aa

SHA512
c5e10ba2de742067ab8e7a1c4022f591a912d83962af70d8c89999e4289e1a030d8e64b91e93cc248bb0e676e8cb284b854247519be3ba9ab8755ce896130e42

Download Submit
C:\Windows\System\NKpuGyE.exe

Filesize
1.9MB

MD5
a0cb2e9a0634bccb7ca2b80646556ff6

SHA1
bff0205f7475176df14f629eb5ad9d17cd39c0f1

SHA256
f7b300e5be6d273be056fee596ada6492c4c6925df9ee9e1257dc45576909bf2

SHA512
c97946f5c419a35ad8d4ac172ec0c934faf303acc0bbd38de018655780a18f0c5fa82820591e503883a42d18c74bbe503f0d7e6d192932647dd1629dc147cc72

Download Submit
C:\Windows\System\NqDOMfb.exe

Filesize
1.9MB

MD5
9dc8650891ddcde4f891b0d17360c0f4

SHA1
817ace876f75e6dcc35661d106f661eb468d9abd

SHA256
2e43c555ad454e5863587e4df015f7a6636e393785f12836cd0c951539f81b6b

SHA512
a739dd5f6647165ed0a6e1595be8f1e0ceea51d1f8ca50326133aef1c62c0d0bcdb5ef6353dfaadef171cec53dfc569e2e2a1c150bd14e7fce17a69c4028ac41

Download Submit
C:\Windows\System\OjDRBdm.exe

Filesize
1.9MB

MD5
e9723a38f61dff838a253367d92deed3

SHA1
8d80fb68fd8e6965fbc5adbad4c786fbc38aacc0

SHA256
4e7dca03900d24222877fe51f3e3f3bac241df064dbbb1f2c653da3eab064e89

SHA512
6e46366f02e2d2d060ff1e640092d1675094a82a641c0af6f5fefd6b0506f498bcc2d34979c8d4a8d54844134bebbb546771be9ed27830ec5a3757b1c5e1875d

Download Submit
C:\Windows\System\PDweynS.exe

Filesize
1.9MB

MD5
2fa5b8657c452941bad7cd3a743337e1

SHA1
f532e65eacdfdbc44906fba6967fa21be82d9387

SHA256
eb5735a4debfded046b25f602c0640a719890724702b7d84e5b438db54a1f64c

SHA512
924439bd26e05bdad2ff30b1dd497c092c6b9bd762aad94e7af5a87d9976ff8b7dcc3f57bfdb2b623f7692dc1016365d5f2b6549bbeecea925e42a86aff0871b

Download Submit
C:\Windows\System\PPlHZWA.exe

Filesize
1.9MB

MD5
e1c066e8c1494de71789368e20384449

SHA1
2c7aed2c1d67a97e4b19a7f77ae66f959187e0bf

SHA256
1a4855450854b0720f319c10ded8c7e894ef2ffdad27507ee4a38e52494cc098

SHA512
9d7eff8536cb062d78e792f5d4b0ebc967a0fb777118cef3cfd78c980c85e78eb4be6b4a8ca73b9f6745d013e3ab2a1c230da2eeaecabcb177147e8863abd970

Download Submit
C:\Windows\System\RuusUFk.exe

Filesize
1.9MB

MD5
13bed20327a5cb82a1979cbb0296fe6c

SHA1
a4fe175393ee1b77ef1b607a809db6c4c3d59e34

SHA256
77fdf46b44de5424a261b8e5da0118ef1f35948cc18e3c57699167ea81fc7d65

SHA512
c6ca8cfc5b4f026ff4299001a1868b77aa701cab76595717cc908921f50cc7d217fe22013b50645e2f0b0f84052b8f17dd048a944c5c8df28d21456a36bab543

Download Submit
C:\Windows\System\SGIHBkh.exe

Filesize
1.9MB

MD5
3543d8c982f7e44491313d89883d01f4

SHA1
e0f4510e443321d7ab391be50bcc102ee4f88c85

SHA256
a734295d049508475836ff638afbb7f9f47359191386ef23f7601c2a92cf8a11

SHA512
3479ec5bfa474b6537cee57e4cd30fcd0c32d5fb6524a104dbbc31abed30d55000d4b18b91f4467443a9a67f20008206d896037918545e4096ccf1a0d03d7e32

Download Submit
C:\Windows\System\UBhxrcb.exe

Filesize
1.9MB

MD5
41993073540ed1b40f91422f7a6373aa

SHA1
77368acfa8c2af18cb8ebf658c4601f999cc5982

SHA256
66315a3e88154c9bfe1ac5941d773f99f37c7b52fc7eb7c2cae0fb85587c814f

SHA512
d6cb0111662dc332ffd9d2ee742699428132a9352ace1a0f60c99dd22f15d3c3900be9f8813ee7f40c9e9bac4f6d52341a9ee422b1360afa27dfd4bfef42089b

Download Submit
C:\Windows\System\UZVQWcF.exe

Filesize
1.9MB

MD5
9c2845c64f3a0f27b9b787f85661717e

SHA1
d5dc811546f2b08ebc8a9976e1b161c7aa9fc2b2

SHA256
fad8a23263592bc218396e47fc85027ae55d2a11c9d671b2ef8e56e0a3fe0963

SHA512
7b5288cf22afe106fb655b9a55ba7679861c502f1acd1435b3a50255676e724f3311d19609a3d11bcb2e469c55644506dbffdae5200acdc58c9bf35a662e29df

Download Submit
C:\Windows\System\WKEjmKY.exe

Filesize
1.9MB

MD5
b1e5e520a270e7e4837d32fadffac428

SHA1
a896418339cc0047abb43d73bbb3f23037cab6d3

SHA256
ddf14717b3efbde1fdd9da37251a9281a393970e0b07842ad978e2e3b527c4ce

SHA512
7f9553a47f841a758a882ada574a2bd5ba6367488ece7887cd6fc6be743225c653b300a42c31e0b79a915481255db1771e533e1a3dd52bef4862625b4f6009cc

Download Submit
C:\Windows\System\WlyQFrx.exe

Filesize
1.9MB

MD5
66c32fea09c082cfc67b032d4c530ab0

SHA1
487de6be959e50d40908ecf514f013d735c6e9af

SHA256
ce0a41706d79873b40f305da9e912f0ced0c526e1ec114bd89cac8aaa5498afe

SHA512
015e88816aa01bd128de40da22e5557462018f9a3fb5b4f01293cb7c8a7b7b58935aa943bb3716b605ae207f18ab708c49b5573747fba586b46731e95940f974

Download Submit
C:\Windows\System\WuIEROy.exe

Filesize
1.9MB

MD5
24b6ef48a07ee837a8638569a0fe4698

SHA1
4a3a1f5eaafed346560b58a1ac292573999c4bff

SHA256
f3ad6f404d038ced0b0baf68f4eccaa3c2abf78bc18aec2a94798e6984ca0c6e

SHA512
01036fbfb798e94fcb79f8f70cf8a4358d645665891592847207051ac5f743269e1484ffa6ab103cc684e9813c1bcc19abc76225b01f8c10eaf003d198a0b729

Download Submit
C:\Windows\System\YNtRLho.exe

Filesize
1.9MB

MD5
2b2061e5c74a9a4b649416df1f4b39f4

SHA1
58e702b85ff7cb2038ac28b2ca8ed5344bef9955

SHA256
325e8554601b4694a01e045b08430493d80d01caa1b52c9309cf4c1c91e8bec5

SHA512
5fcefe6675db3f48f300168df995e19c78f540336cb61e71ecfaf0fca3af3bf7e1eb76bf93160cc663bf249df6e333d64a93f322a12667524884b12b00889267

Download Submit
C:\Windows\System\bILqGGj.exe

Filesize
1.9MB

MD5
d90118a9675bba4ba31afa378682bbdc

SHA1
eee998665fad989085ad2e655654dda8a02cdcf0

SHA256
947f3787a1943972aa1ceb8ed4178f0b9c6ba7e1697b5c66576ceea441760b5c

SHA512
0ca5d12d0c7f16055fd73395dc02bcf283dc46b0cc5335076eb045240684ecabe1bec5f7765949ece68b9fcf693facef601b4ab2bdd2cffa73c273bf0fc845f0

Download Submit
C:\Windows\System\bmmPAGQ.exe

Filesize
1.9MB

MD5
cf8e9c508e3a391ebb4226abf3df58a3

SHA1
7fbb9571909e50cd29982eb3e0db9bb13c275794

SHA256
a3a29eba718b4a44853a4da15920d847a9d7c1d1688b70ceeb92ada2845747af

SHA512
6db78cdba0f2d132e626767970835ec8f30f3f18926fce04f6e318a2387094395780bba744e817bd162c0009da97b51b58348b05adcb8d9b740aefcd601e958c

Download Submit
C:\Windows\System\fLASmWU.exe

Filesize
1.9MB

MD5
eeecc3e91c96055e21bae7eefdcd0c95

SHA1
f567753e8d406a2ad2381c17a9b0d1bac3789f22

SHA256
5be63260ffa507725d32acda59adedfee435a6b4261cd58e21163c53bfe5d17c

SHA512
acaaaeb57309ae9e4a363e06c0213ad273ed0adc1abd83b9a5fb21175e0bb44d25f379e6e9eb37b95a10cee6e05f7729c29c11e696cfa8b991d40f422d348ba1

Download Submit
C:\Windows\System\fUvfQTa.exe

Filesize
1.9MB

MD5
8517223d5f2fec006839983f5c3d466f

SHA1
d6aade41fc75c411df50d6060296e4b18a5563f7

SHA256
a39446f3ba3ee0071da21eef9fe59f6eac190e682d8ba14a4db44d84f7e607cf

SHA512
da80f4a06c5fb4174b74c351f5c34107464451a5018e7c04daef8e2640092aa52175641b497dfda3438978ab500e8ed65d374e5778148dd5238aecad602f6346

Download Submit
C:\Windows\System\jRAqFHT.exe

Filesize
1.9MB

MD5
d79708b9f161ad16f61aed434026192b

SHA1
cefca9836158e7d8b6c665d333e063e316445b37

SHA256
ec3743669e980f1bb5b477c84ed563944d71f5578ec10d2f0d697c6de519e498

SHA512
d651452964044a7770cebb3cad4604959a712906669ddcf3c44c68d2ab4bd043368ae9f4ea83ea1a0ed0fefb523d715eef69b61e2b5fc984b894efc75f73693c

Download Submit
C:\Windows\System\kNErrPs.exe

Filesize
1.9MB

MD5
06b73e448a5eb8821ba57c21a322391c

SHA1
1002e449e5f489bc2cbf5f4a4a5b4136bfdfb4df

SHA256
c2f0a3ef384720090bf337535ab5c68a314cceab1fba39022b6d07bd29b4d1ae

SHA512
a5d108ebc26823d7e787f4d16daefe7407b6c30db4d3160386af1e034434647f2629d580912ba522a51fa84583c46affccbc4ba9b8fffe459a6242863ab6f020

Download Submit
C:\Windows\System\kaYwyNP.exe

Filesize
1.9MB

MD5
027e47371ddb152926b66d7310e433df

SHA1
5052e77de0f2f1eafaf4ffded7fe80ff904fd91d

SHA256
0c259bf0e4e77564aa02d829b0a036d00385f1f30076efd724a061ee0df3c785

SHA512
793b1fe4fd43a360d37ab8d0100833050323c0030cd8ed0a32090e37e4959f004cded9246d64b2929f6ebaf5356cd6cf1d43ac8c0e84dba25d9d1a3c06b9a356

Download Submit
C:\Windows\System\lAXCZku.exe

Filesize
1.9MB

MD5
efb5396521a7228c43c9b6d8c47415d5

SHA1
30f647926d88042749a2aa9e4a1e37a8d29796e8

SHA256
2b9a74af0dcc8e263beef9c83d951043e3d7665e44b8f29b6b6f175aeb4152d4

SHA512
fa8439780697e899a0d65074e105c20a1857b67e43db4a9d582aa6e2553ea7386fbac6005cef1a5543681abaa27727ea7b7d3deba2e98e96b048535389dcf7be

Download Submit
C:\Windows\System\lrjPyOa.exe

Filesize
1.9MB

MD5
08e6981875454b09a0859a055c1b6f6a

SHA1
15b1f0ccca06942aac82cb90d48d5de6db3225a9

SHA256
c6563272436f972f0ef2c731ccd672c59e3a9688cb64ac89f8880308970200cc

SHA512
1672736531133fe739444acdc564477d2ef8680259279cc06ae9b7a34ae9a40c4fdef35964ffce7d5cbd5e2557da09ffc61ce47d92b4850bea6cc1eaff28027d

Download Submit
C:\Windows\System\lzAVXno.exe

Filesize
1.9MB

MD5
2441ebf46a7e9dfb553a9dc1f63aa755

SHA1
eec183bf2c45f26407d1effa486114b21b36f1e6

SHA256
6889fe199ab061f6d6bf5bccf85a34ad3a0e0d20ad98e60ac678a8b400e40bd5

SHA512
2396988e41efc66b8981d2ba9b6ff3b7437f9e89f4c2f40f38d175ada1628497ba24d84aaaf5ad49acff0f981082a8fe68c75bf0937949fa3eabfd988d733201

Download Submit
C:\Windows\System\mymLBme.exe

Filesize
1.9MB

MD5
c0e125900d0efc55b759f23696903ba3

SHA1
6567a4fe7e640c55c16548d6e447dc8c092f4f26

SHA256
d1c9888191478fff85fe96532b8847a6a4866e5fd1e87cdb1406de5004f90f5c

SHA512
dc0bdcb5dd8adaea8968c6f2dfb0e40218f5fe7dd466c07e708637cb2a4146dc9922f0395c51f8cb847dab13d09f569a185844a1254a506c22dbe7f4c12fe3d6

Download Submit
C:\Windows\System\nRxdEMf.exe

Filesize
1.9MB

MD5
93123caa0f312e1ca601697697fbef33

SHA1
132accfd70877f3d070cdd7675cc143018b3b6f5

SHA256
388a9e58bee8b75e03b04362e8cfde7fff15ad8c70d6b945a0950c43b8cfb41f

SHA512
112d0dc79bbcff69a00475443238559c66eae5296358e8b20ec62458cfbacb4b2ed258d7c5cb68c57e148527d3551a498e670adfc44d733deaeeae852adc70fd

Download Submit
C:\Windows\System\nxMvvnS.exe

Filesize
1.9MB

MD5
ebf9a7d1b2efc99a0ed620e4a6eae1ff

SHA1
a4294aa2a10e3f936ee768a1c614a6e027b0450c

SHA256
5fd2e4092e8b9cf69355440fc1e0a9ea8cef6103abaed05507d21d40aab56d29

SHA512
9b2e7742a26608b990649bd26080746b652166e5d9e4aafc1fa4ed8b50e3ca6bd35e6ca7ab6e2fef8112b5ab60486c3b9ce578849ae1bb8156a8500fd8edc42d

Download Submit
C:\Windows\System\ouxhGJQ.exe

Filesize
1.9MB

MD5
c0eacdd774fb712acc111fa003f7136c

SHA1
ba92cb9194e4af6c55ee0ae12a1c6c802269a299

SHA256
3e908259e33d96c02ee76a976a24dbf481665da93c9e13215ea88acd91b12fe5

SHA512
bc9c77b55c4aa0fb61d7449cca31b11b84d13abf2f220eec1aec0fc7e3c03c2e62e5fb54857648044991fc3caf786aee2990cd5863c5ab255c716e2f3e8e7587

Download Submit
C:\Windows\System\qnOVPXr.exe

Filesize
1.9MB

MD5
701c835e45b8875f33774db2953089c7

SHA1
8e01d8feed63116ceb6f88ee4e778546ae9d9584

SHA256
eecaa9878a642f8ab0532450ed751baa4d7dc2b3332273c57ce94794e66a7c63

SHA512
a3c04c317aa36a320b90f14c201d2a2a1536c059b60523571671c12882222d2795dcbc31ac990ee2e2366a26105c4ae02598616fe27b12212d722dd671caf445

Download Submit
C:\Windows\System\thCMylw.exe

Filesize
1.9MB

MD5
46f42b9ebc6d082736b2701066c9fe5b

SHA1
3d1379bae1decf292f75a498ce811f48be4535b2

SHA256
83d921a10cdf325ec881c70f9a6e7f24ca790cb1ea72acc6272517e6fbdb21d6

SHA512
7b0daa83e651cba44cfa914200e7560177389ce1e3d500810f3babf0ada0780d713798a10a31b9b951653692973689dcb59ac194bc59f97043f3e8af0809a474

Download Submit
C:\Windows\System\wCPucrK.exe

Filesize
1.9MB

MD5
07546eaffb24800007da9dc74b152cd4

SHA1
66378f8674994a92047b5a7dd550ddf5a4c35eca

SHA256
878d40ef81c8c129df51bc4ac610a3d75079f01718d703b67cb2eaa054a25d1d

SHA512
3534edc71de2c98bd2ee3cd93a8cdb8febb5d851dfadd41c3a2f356c8672b82211e3dbd8dc37ef5a10914f39e2e02e90bb19c13c01c73862fd1695d842f28b7e

Download Submit
C:\Windows\System\wdRmsTU.exe

Filesize
1.9MB

MD5
83a47bb1c08f36fd67dd59fd05e3daa6

SHA1
7d33c14ac7b24f9def90ab2481b86bc5480c1725

SHA256
34725e390649b1cea1a600bcf907b835005fc30edfaaea32cb20f4fdf65d7caf

SHA512
930ee5b8d711803bd0094bcbe40116049d421db76eb2f712c0df9092a0286b2833fdbf4bd81b9d63b6a40344a978ececdaa59340789291a7dbecefe007b86061

Download Submit
C:\Windows\System\wlTufla.exe

Filesize
1.9MB

MD5
eff2519d445c6e8a3e3de0ef6d4a3fba

SHA1
ec384127249e4f421491e0108a9b4f5308f74cea

SHA256
a3fd3038e596d6ba2c0def570986ff5d0fbc206b39570350cab54f74ff534d34

SHA512
8bff1988777e7a4b3ad2d10514af6597e22732e1f02184955dcb314bd9f21bec64e4e83b81e958b078c1d61591b4ff45851bff1fbd699eabbada8b0342ddb0c2

Download Submit
C:\Windows\System\xIOfCGt.exe

Filesize
1.9MB

MD5
5e3122ab17e99328deb2afddef41d544

SHA1
7d019e8799687e23504a058359c6c22abcd354c6

SHA256
7f99a174a54cdaacef390f29e42369a6325b55496c20e1e68d2e3cf92229e8bf

SHA512
923220ff415686d95eac389456b1b922d4b3ec43c172c9e97289ae4efa08c972114bb2bf9e6f39bc7dfaa2d35a2a2ff39a1fcf918d28519c5615a0117145f83d

Download Submit
C:\Windows\System\zNfpnor.exe

Filesize
1.9MB

MD5
48ed02a87d0c4b20470c451f008fb598

SHA1
8a652091e4f441ce85da57539baf1bf2bdc84928

SHA256
35d598ac1e4e0f4580021592d07d14dc782b2af187c3ccd3261055d402c97216

SHA512
7f9575c4a818a1422b21ce1ba22f6733db5ee51964c8adb06f4d45b8a397338587e263d98a5c327c39e82698860b233451010764d5f749245fe86399654b3a54

Download Submit
C:\Windows\System\zrpuzRZ.exe

Filesize
1.9MB

MD5
28eddb238c431ebad8d5e7c4481c5edb

SHA1
cfd05553596ee7fd25211878c3f34576772603aa

SHA256
194ce23518aaa1e9ce4ee7f01203d7044701dab7c7c1f9cc36a6589b921d1594

SHA512
7a8c037ea94cc805c90840d2bae9d7de14f37243fa4d82015a6619e5780b5c69e4113356fa3ccd975caf8f9afef324bd9442eee910646a8f01881562e9d0fc39

Download Submit
memory/116-0-0x00007FF611F40000-0x00007FF612332000-memory.dmp

Filesize
3.9MB

Download
memory/116-1-0x000001F3A6B10000-0x000001F3A6B20000-memory.dmp

Filesize
64KB

Download
memory/856-2751-0x00007FF746B10000-0x00007FF746F02000-memory.dmp

Filesize
3.9MB

Download
memory/856-195-0x00007FF746B10000-0x00007FF746F02000-memory.dmp

Filesize
3.9MB

Download
memory/1460-2772-0x00007FF62D630000-0x00007FF62DA22000-memory.dmp

Filesize
3.9MB

Download
memory/1460-362-0x00007FF62D630000-0x00007FF62DA22000-memory.dmp

Filesize
3.9MB

Download
memory/1516-2758-0x00007FF687EB0000-0x00007FF6882A2000-memory.dmp

Filesize
3.9MB

Download
memory/1516-64-0x00007FF687EB0000-0x00007FF6882A2000-memory.dmp

Filesize
3.9MB

Download
memory/1648-368-0x00007FF7712D0000-0x00007FF7716C2000-memory.dmp

Filesize
3.9MB

Download
memory/1648-2795-0x00007FF7712D0000-0x00007FF7716C2000-memory.dmp

Filesize
3.9MB

Download
memory/1740-2782-0x00007FF78EB60000-0x00007FF78EF52000-memory.dmp

Filesize
3.9MB

Download
memory/1740-237-0x00007FF78EB60000-0x00007FF78EF52000-memory.dmp

Filesize
3.9MB

Download
memory/1932-2756-0x00007FF74F9D0000-0x00007FF74FDC2000-memory.dmp

Filesize
3.9MB

Download
memory/1932-287-0x00007FF74F9D0000-0x00007FF74FDC2000-memory.dmp

Filesize
3.9MB

Download
memory/1948-2785-0x00007FF627C30000-0x00007FF628022000-memory.dmp

Filesize
3.9MB

Download
memory/1948-665-0x00007FF627C30000-0x00007FF628022000-memory.dmp

Filesize
3.9MB

Download
memory/2012-430-0x00007FF7B1860000-0x00007FF7B1C52000-memory.dmp

Filesize
3.9MB

Download
memory/2012-2791-0x00007FF7B1860000-0x00007FF7B1C52000-memory.dmp

Filesize
3.9MB

Download
memory/2116-431-0x00007FF7516E0000-0x00007FF751AD2000-memory.dmp

Filesize
3.9MB

Download
memory/2116-2768-0x00007FF7516E0000-0x00007FF751AD2000-memory.dmp

Filesize
3.9MB

Download
memory/2124-433-0x00007FF73E560000-0x00007FF73E952000-memory.dmp

Filesize
3.9MB

Download
memory/2124-2753-0x00007FF73E560000-0x00007FF73E952000-memory.dmp

Filesize
3.9MB

Download
memory/2408-14-0x00007FF68ABD0000-0x00007FF68AFC2000-memory.dmp

Filesize
3.9MB

Download
memory/2408-2760-0x00007FF68ABD0000-0x00007FF68AFC2000-memory.dmp

Filesize
3.9MB

Download
memory/2744-764-0x00007FF65AD10000-0x00007FF65B102000-memory.dmp

Filesize
3.9MB

Download
memory/2744-2786-0x00007FF65AD10000-0x00007FF65B102000-memory.dmp

Filesize
3.9MB

Download
memory/2936-2778-0x00007FF6C11C0000-0x00007FF6C15B2000-memory.dmp

Filesize
3.9MB

Download
memory/2936-361-0x00007FF6C11C0000-0x00007FF6C15B2000-memory.dmp

Filesize
3.9MB

Download
memory/3588-152-0x000002B4DB0A0000-0x000002B4DB0B0000-memory.dmp

Filesize
64KB

Download
memory/3588-151-0x000002B4DB0A0000-0x000002B4DB0B0000-memory.dmp

Filesize
64KB

Download
memory/3588-501-0x000002B4C2DF0000-0x000002B4C2E12000-memory.dmp

Filesize
136KB

Download
memory/3588-585-0x00007FFEED150000-0x00007FFEEDC11000-memory.dmp

Filesize
10.8MB

Download
memory/4432-2789-0x00007FF73BB30000-0x00007FF73BF22000-memory.dmp

Filesize
3.9MB

Download
memory/4432-410-0x00007FF73BB30000-0x00007FF73BF22000-memory.dmp

Filesize
3.9MB

Download
memory/4724-2764-0x00007FF6E9B00000-0x00007FF6E9EF2000-memory.dmp

Filesize
3.9MB

Download
memory/4724-335-0x00007FF6E9B00000-0x00007FF6E9EF2000-memory.dmp

Filesize
3.9MB

Download
memory/4732-102-0x00007FF71F590000-0x00007FF71F982000-memory.dmp

Filesize
3.9MB

Download
memory/4732-2762-0x00007FF71F590000-0x00007FF71F982000-memory.dmp

Filesize
3.9MB

Download
memory/4740-234-0x00007FF614BF0000-0x00007FF614FE2000-memory.dmp

Filesize
3.9MB

Download
memory/4740-2796-0x00007FF614BF0000-0x00007FF614FE2000-memory.dmp

Filesize
3.9MB

Download
memory/4780-70-0x00007FF767E50000-0x00007FF768242000-memory.dmp

Filesize
3.9MB

Download
memory/4780-2713-0x00007FF767E50000-0x00007FF768242000-memory.dmp

Filesize
3.9MB

Download
memory/4840-363-0x00007FF6F19E0000-0x00007FF6F1DD2000-memory.dmp

Filesize
3.9MB

Download
memory/4840-2770-0x00007FF6F19E0000-0x00007FF6F1DD2000-memory.dmp

Filesize
3.9MB

Download
memory/5036-2774-0x00007FF6A0010000-0x00007FF6A0402000-memory.dmp

Filesize
3.9MB

Download
memory/5036-360-0x00007FF6A0010000-0x00007FF6A0402000-memory.dmp

Filesize
3.9MB

Download
memory/5056-2754-0x00007FF6DBA90000-0x00007FF6DBE82000-memory.dmp

Filesize
3.9MB

Download
memory/5056-150-0x00007FF6DBA90000-0x00007FF6DBE82000-memory.dmp

Filesize
3.9MB

Download